Vulnerabilities > Improper Initialization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-20 | CVE-2017-14609 | Improper Initialization vulnerability in Kannel 1.5.0 The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox. | 4.6 |
| 2017-09-05 | CVE-2017-14159 | Improper Initialization vulnerability in multiple products slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | 1.9 |
| 2017-09-01 | CVE-2017-14102 | Improper Initialization vulnerability in Mimedefang 2.80 MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | 4.6 |
| 2017-08-29 | CVE-2017-13715 | Improper Initialization vulnerability in Linux Kernel The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. | 9.8 |
| 2017-08-23 | CVE-2017-13649 | Improper Initialization vulnerability in Unrealircd UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 2.1 |
| 2017-08-23 | CVE-2017-12847 | Improper Initialization vulnerability in Nagios Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | 6.3 |
| 2017-08-09 | CVE-2017-0745 | Improper Initialization vulnerability in Google Android A remote code execution vulnerability in the Android media framework (avc decoder). | 9.3 |
| 2017-08-09 | CVE-2017-0735 | Improper Initialization vulnerability in Google Android A denial of service vulnerability in the Android media framework (libavc). | 4.3 |
| 2017-08-09 | CVE-2017-0723 | Improper Initialization vulnerability in Google Android A remote code execution vulnerability in the Android media framework (libavc). | 9.3 |
| 2017-07-06 | CVE-2017-10972 | Improper Initialization vulnerability in X.Org Xorg-Server Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. | 4.0 |