Total
304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3637 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-15 | 9.3 HIGH | 8.8 HIGH |
| The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | |||||
| CVE-2018-2934 | 1 Oracle | 1 E-business Suite | 2024-02-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2023-28720 | 2024-02-14 | N/A | 6.1 MEDIUM | ||
| Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.. | |||||
| CVE-2023-35061 | 2024-02-14 | N/A | 4.3 MEDIUM | ||
| Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | |||||
| CVE-2023-36490 | 2024-02-14 | N/A | 5.0 MEDIUM | ||
| Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-4503 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Expansion Pack | 2024-02-14 | N/A | 7.5 HIGH |
| An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server. | |||||
| CVE-2008-0062 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-09 | 9.3 HIGH | 9.8 CRITICAL |
| KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | |||||
| CVE-2007-3749 | 1 Apple | 1 Mac Os X | 2024-02-09 | 7.2 HIGH | 7.8 HIGH |
| The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process. | |||||
| CVE-2022-46487 | 1 Scontain | 1 Scone | 2024-01-05 | N/A | 7.8 HIGH |
| Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. | |||||
| CVE-2020-1592 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-31 | 2.1 LOW | 4.4 MEDIUM |
| <p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.</p> | |||||
| CVE-2020-16901 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-31 | 2.1 LOW | 5.0 MEDIUM |
| <p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.</p> | |||||
| CVE-2021-1661 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-45085 | 1 Softiron | 1 Hypercloud | 2023-12-12 | N/A | 3.3 LOW |
| An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3. | |||||
| CVE-2020-5529 | 4 Apache, Canonical, Debian and 1 more | 4 Camel, Ubuntu Linux, Debian Linux and 1 more | 2023-12-07 | 6.8 MEDIUM | 8.1 HIGH |
| HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application. | |||||
| CVE-2023-49062 | 1 Facebook | 1 Katran | 2023-12-04 | N/A | 7.5 HIGH |
| Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f | |||||
| CVE-2023-27306 | 1 Intel | 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more | 2023-11-30 | N/A | 5.5 MEDIUM |
| Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-5370 | 1 Freebsd | 1 Freebsd | 2023-11-24 | N/A | 5.5 MEDIUM |
| On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0. | |||||
| CVE-2023-28737 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 7.8 HIGH |
| Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-46301 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 4.4 MEDIUM |
| Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-45109 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||