Lucene search
K

9099 matches found

Code423n4
Code423n4
added 2022/11/13 12:0 a.m.6 views

Initialization function can be front-run

Lines of code Vulnerability details Detailed description of the impact of this finding: Exchange.sol has initialization function that can be front-run, allowing an attacker to incorrectly initialize the contract. Due to the use of the delegatecall proxy pattern, Exchange.sol cannot be initialized...

6.9AI score
Exploits0
OSV
OSV
added 2022/11/11 4:15 p.m.3 views

CVE-2022-36349

Insecure default variable initialization in BIOS firmware for some IntelR NUC Boards and IntelR NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access...

5.5CVSS5.8AI score0.00171EPSS
Exploits0References1
Prion
Prion
added 2022/11/11 4:15 p.m.21 views

Default configuration

Insecure default variable initialization in BIOS firmware for some IntelR NUC Boards and IntelR NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access...

1.7CVSS5.3AI score0.00171EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/11/11 3:48 p.m.58 views

CVE-2022-36349

CVE-2022-36349 refers to insecure default variable initialization in BIOS firmware for Intel NUC Boards/Kits prior to MYi30060. The issue can allow an authenticated local user to cause denial of service. Intel’s advisory lists affected SKUs and firmware updates, recommending upgrading to MYi30060...

5.5CVSS5.3AI score0.00171EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.4 views

PT-2022-23323 · Intel · Intel Nuc Boards +1

Name of the Vulnerable Software and Affected Versions: IntelR NUC Boards and IntelR NUC Kits versions prior to MYi30060 Description: The issue is related to insecure default variable initialization in BIOS firmware, which may allow an authenticated user to potentially enable denial of service via...

5.5CVSS5.2AI score0.00171EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.4 views

Intel NUC 安全漏洞

The Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in versions prior to IntelR NUC 11 Pro Kits and IntelR NUC 11 Pro Boards TNTGL357.0064, which stems from improper initialization of their BIOS firmware allowing authenticated users to potentially...

7.8CVSS7.3AI score0.00162EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/11/10 8:15 p.m.26 views

CVE-2022-39393

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously ...

8.6CVSS7AI score0.00657EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/11/09 12:0 a.m.6 views

Uninitializing Bridge Contracts' State Variables

Lines of code Vulnerability details Vulnerability Details The L1ERC20Bridge and L1EthBridge are implementation contracts that would be delegatecalled by their corresponding proxy contracts. In other words, all state variables and assets would be stored in the proxy contracts. In contrast, the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/09 12:0 a.m.33 views

Unsafe Initializations Of Bridge Contracts

Lines of code Vulnerability details Vulnerability Details During the zkSync initialization process, several complicated tasks would be required to execute. Incorrect configurations in some tasks could lead to unexpected vulnerabilities. One task of the zkSync initialization process is deploying a...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/09 12:0 a.m.6 views

PT-2025-13284

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue in the Linux kernel's f2fs file system has been resolved. The problem occurred because spin lock&sbi-error lock was called before spin lock init was called, resulting in ...

5.5CVSS5.5AI score0.00114EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.5 views

kernel: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()

A flaw was found in the virtio-gpu module in the Linux kernel. If the initialization fails, for example, due to a fault injection, a missing check in the virtiogpuarrayputfree function can cause a NULL pointer dereference, resulting in a denial of service...

5.5CVSS6.5AI score0.00255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.4 views

kernel: ath9k_htc: fix uninit value bugs

In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htcconnectservice svcmetalen and pad are not initialized. Based on code it looks like in current sk...

5.5CVSS6.4AI score0.00253EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.3 views

kernel: RDMA/hfi1: Prevent use of lock before it is initialized

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent use of lock before it is initialized If there is a failure during probe of hfi1 before the sdmamaplock is initialized, the call to hfi1freedevdata will attempt to use a lock that has not been initialized. If th...

5.5CVSS6.3AI score0.00247EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/11/07 12:0 a.m.42 views

Siemens SIMATIC S7-1500 Improper Initialization (CVE-2020-8744)

Improper initialization in subsystem for IntelR CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE versions before 4.0.30 IntelR SPS versions before E305.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. This plugin...

7.8CVSS7.3AI score0.00357EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/11/05 12:0 a.m.3 views

PT-2022-24952 · Wasmtime · Wasmtime

Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 2.0.2 Description: There is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can be...

8.6CVSS8.2AI score0.00657EPSS
Exploits0References17
Cvelist
Cvelist
added 2022/11/04 12:0 a.m.37 views

CVE-2022-39384 OpenZeppelin Contracts initializer reentrancy may lead to double initialization

OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external cal...

5.6CVSS6AI score0.00494EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.4 views

OpenZeppelin 安全漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions 3.2.0 and later through 4.4.1 and earlier, which stems from an exception set to support multiple inheritance that breaks the expectation of a...

5.6CVSS6AI score0.00494EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/11/03 12:0 a.m.17 views

reentrancyGuardInitializer modifier used on constructor and Initialize functions

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In L1ERC20Bridge.sol there are two places where the reentrancyGuardInitializer modifier is used. It's found on both the constructor function and also on the initialize function. This is a problem becaus...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/10/26 12:0 a.m.5 views

PT-2022-36709 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: java.base affected versions not specified Description: A security exception crash has been reported. The crash occurs in the jaz.Zer class during the initialization process, specifically in the java.lang.Class.forName0 and...

7AI score
Exploits0References2
CNNVD
CNNVD
added 2022/10/24 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly initializing memory. An attacker could exploit this vulnerability to execute arbitrary code in...

5.1CVSS6.6AI score0.0061EPSS
Exploits0References5
Rows per page
Query Builder