Total
304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9446 | 3 Fedoraproject, Gstreamer Project, Redhat | 8 Fedora, Gstreamer, Enterprise Linux Desktop and 5 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. | |||||
| CVE-2011-4087 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 4.3 MEDIUM | 7.5 HIGH |
| The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. | |||||
| CVE-2011-3927 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2020-35342 | 1 Gnu | 1 Binutils | 2023-10-06 | N/A | 7.5 HIGH |
| GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. | |||||
| CVE-2023-20597 | 1 Amd | 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more | 2023-09-22 | N/A | 5.5 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2023-20594 | 1 Amd | 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more | 2023-09-22 | N/A | 4.4 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2023-40349 | 1 Jenkins | 1 Gogs | 2023-08-18 | N/A | 5.3 MEDIUM |
| Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. | |||||
| CVE-2022-46505 | 1 Matrixssl | 1 Matrixssl | 2023-08-08 | N/A | 7.5 HIGH |
| An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. | |||||
| CVE-2023-37479 | 1 Openenclave | 1 Openenclave | 2023-07-28 | N/A | 7.5 HIGH |
| Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the `MXCSR` register on enclave entry. This makes applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks, where incorrect `MXCSR` values can impact instruction retirement by at most one cycle, depending on the (secret) data operand value. Please find more details in the guidance from Intel in the references. Second, Open Enclave SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry. This opens up the possibility for a side-channel attacker to be notified for every unaligned memory access performed by the enclave. The issue has been addressed in version 0.19.3 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-27934 | 1 Apple | 1 Macos | 2023-07-27 | N/A | 8.8 HIGH |
| A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2022-48518 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 5.5 MEDIUM |
| Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance. | |||||
| CVE-2022-39284 | 1 Codeigniter | 1 Codeigniter | 2023-07-11 | N/A | 4.3 MEDIUM |
| CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA. | |||||
| CVE-2019-12646 | 1 Cisco | 13 1100-4p, 1100-8p, 1101-4p and 10 more | 2023-05-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2023-25010 | 1 Autodesk | 1 Maya Usd | 2023-04-25 | N/A | 7.8 HIGH |
| A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution. | |||||
| CVE-2022-48352 | 1 Huawei | 2 Emui, Harmonyos | 2023-04-03 | N/A | 7.5 HIGH |
| Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic. | |||||
| CVE-2021-23223 | 1 Intel | 10 Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1675 Firmware, Killer Wi-fi 6e Ax1690 and 7 more | 2023-04-01 | N/A | 7.8 HIGH |
| Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-26084 | 1 Arm | 1 Aarch64cryptolib | 2023-03-22 | N/A | 3.7 LOW |
| The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable. | |||||
| CVE-2021-3329 | 1 Zephyrproject | 1 Zephyr | 2023-03-07 | N/A | 6.5 MEDIUM |
| Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack | |||||
| CVE-2022-30704 | 1 Intel | 934 Celeron 1000m, Celeron 1000m Firmware, Celeron 1005m and 931 more | 2023-03-06 | N/A | 6.7 MEDIUM |
| Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-32231 | 1 Intel | 362 Xeon Bronze 3104, Xeon Bronze 3104 Firmware, Xeon Bronze 3106 and 359 more | 2023-03-06 | N/A | 6.7 MEDIUM |
| Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||