
9106 matches found

CNNVD
added 2023/03/27 12:0 a.m. · 2 views

HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in HarmonyOS, which stems from a data initialization issue that could be exploited by an attacker to cause a system crash...

CVSS 7.5 · AI score 7.3 · EPSS 0.00474
Exploits 0 · References 3

Cvelist
added 2023/03/27 12:0 a.m. · 30 views

CVE-2022-48352

Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic...

AI score 7.7 · EPSS 0.00474
Exploits 0 · References 2

CVE
added 2023/03/27 12:0 a.m. · 266 views

CVE-2023-1076

CVE-2023-1076 describes a Linux kernel flaw in tun/tap initialisation where the socket uid is hardcoded to 0 due to a type confusion. The result can cause tun/tap sockets to be treated as if they have root privileges when filtering/routing decisions are made, potentially bypassing network filters...

CVSS 5.5 · AI score 6.4 · EPSS 0.00257
Exploits 0 · References 3 · Affected Software 1

CVE
added 2023/03/27 12:0 a.m. · 66 views

CVE-2022-48352

Technical details about CVE-2022-48352 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

CVSS 7.5 · AI score 7.5 · EPSS 0.00474
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2023/03/27 12:0 a.m. · 4 views

PT-2023-21431 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3; macOS Monterey versions prior to 12.6.4
Description: A memory initialization issue was addressed, which may allow a remote attacker to cause unexpected app termination or arbitrary code execution.
Recommendations:...

CVSS 8.8 · AI score 7.7 · EPSS 0.01785
Exploits 0 · References 7

Positive Technologies
added 2023/03/27 12:0 a.m. · 4 views

PT-2023-15729 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: Smartphones, affected versions not specified
Description: The issue is related to data initialization problems in some smartphones. Successful exploitation of this problem may cause a system panic.
Recommendations: At the moment, there is no...

CVSS 7.5 · AI score 7.2 · EPSS 0.00474
Exploits 0 · References 4

Vulnrichment
added 2023/03/27 12:0 a.m. · 6 views

CVE-2022-48352

Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic...

AI score 7.5 · EPSS 0.00474
Exploits 0 · References 2

BDU FSTEC
added 2023/03/26 12:0 a.m. · 7 views

The vulnerability of the private browsing mode of the Mozilla Firefox browser, which allows a violator to gain unauthorized access to protected information

The vulnerability of the private browsing mode in the Mozilla Firefox browser is related to insufficient protection of service data during the initialization of the autonomous cache. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...

CVSS 8.2 · AI score 5.8 · EPSS 0.00456
Exploits 0 · References 7 · Affected Software 3

Prion
added 2023/03/22 9:15 p.m. · 65 views

Cross site scripting

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 5.8 · AI score 6.3 · EPSS 0.00725
Exploits 0 · References 6 · Affected Software 2

Cvelist
added 2023/03/22 8:55 p.m. · 40 views

CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 4.7 · AI score 6.7 · EPSS 0.00725
Exploits 0 · References 6

CNNVD
added 2023/03/20 12:0 a.m. · 2 views

Linux Kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that stems from type obfuscation in initialization functions...

CVSS 5.5 · AI score 6.5 · EPSS 0.00257
Exploits 0 · References 14

Zero Day Initiative
added 2023/03/16 12:0 a.m. · 17 views

Adobe Dimension USD File Parsing Uninitialized Pointer Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 3.3 · AI score 6.8 · EPSS 0.00353
Exploits 0 · References 1

Zero Day Initiative
added 2023/03/16 12:0 a.m. · 36 views

Adobe Dimension USD File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 3.3 · AI score 5.9 · EPSS 0.00332
Exploits 0 · References 1

OSV
added 2023/03/15 2:15 p.m. · 5 views

CVE-2023-26084

The armv8decaesgcmfull API of Arm AArch64cryptolib before 86065c6 fails to verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable...

CVSS 3.7 · AI score 5.8 · EPSS 0.00362
Exploits 0 · References 1

NVD
added 2023/03/15 2:15 p.m. · 14 views

CVE-2023-26084

The armv8decaesgcmfull API of Arm AArch64cryptolib before 86065c6 fails to verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable...

CVSS 3.7 · AI score 4.3 · EPSS 0.00362
Exploits 0 · References 1

RedHat Linux
added 2023/03/14 2:1 p.m. · 31 views

Moderate: Red Hat Security Advisory: gnutls security and bug fix update

An update for gnutls is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.4 · AI score 6.9 · EPSS 0.01403
Exploits 1 · References 4

RedHat Linux
added 2023/03/14 1:57 p.m. · 4 views

openssl: NULL dereference during PKCS7 data verification

A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not...

CVSS 7.5 · AI score 6.7 · EPSS 0.01846
Exploits 0 · References 4

Tenable Nessus
added 2023/03/14 12:0 a.m. · 38 views

ABB SMU615 Improper Initialization (CVE-2021-22283)

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...

CVSS 6.2 · AI score 5.8 · EPSS 0.00171
Exploits 0 · References 2

OSV
added 2023/03/13 8:52 p.m. · 26 views

GHSA-7R7X-4C4Q-C4QF Missing proper state, nonce and PKCE checks for OAuth authentication

Impact: next-auth applications using OAuth provider versions before v4.20.1 are affected. A bad actor who can spy on the victim's network or is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing...

CVSS 8.1 · AI score 8.1 · EPSS 0.00538
Exploits 1 · References 10

Github Security Blog
added 2023/03/13 8:52 p.m. · 52 views

Missing proper state, nonce and PKCE checks for OAuth authentication

Impact: next-auth applications using OAuth provider versions before v4.20.1 are affected. A bad actor who can spy on the victim's network or is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing...

CVSS 8.8 · AI score 8.3 · EPSS 0.00538
Exploits 1 · References 10 · Affected Software 1