9099 matches found
Initialization function can be front-run
Lines of code Vulnerability details Detailed description of the impact of this finding: Exchange.sol has initialization function that can be front-run, allowing an attacker to incorrectly initialize the contract. Due to the use of the delegatecall proxy pattern, Exchange.sol cannot be initialized...
CVE-2022-36349
Insecure default variable initialization in BIOS firmware for some IntelR NUC Boards and IntelR NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access...
Default configuration
Insecure default variable initialization in BIOS firmware for some IntelR NUC Boards and IntelR NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access...
CVE-2022-36349
CVE-2022-36349 refers to insecure default variable initialization in BIOS firmware for Intel NUC Boards/Kits prior to MYi30060. The issue can allow an authenticated local user to cause denial of service. Intel’s advisory lists affected SKUs and firmware updates, recommending upgrading to MYi30060...
PT-2022-23323 · Intel · Intel Nuc Boards +1
Name of the Vulnerable Software and Affected Versions: IntelR NUC Boards and IntelR NUC Kits versions prior to MYi30060 Description: The issue is related to insecure default variable initialization in BIOS firmware, which may allow an authenticated user to potentially enable denial of service via...
Intel NUC 安全漏洞
The Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in versions prior to IntelR NUC 11 Pro Kits and IntelR NUC 11 Pro Boards TNTGL357.0064, which stems from improper initialization of their BIOS firmware allowing authenticated users to potentially...
CVE-2022-39393
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously ...
Uninitializing Bridge Contracts' State Variables
Lines of code Vulnerability details Vulnerability Details The L1ERC20Bridge and L1EthBridge are implementation contracts that would be delegatecalled by their corresponding proxy contracts. In other words, all state variables and assets would be stored in the proxy contracts. In contrast, the...
Unsafe Initializations Of Bridge Contracts
Lines of code Vulnerability details Vulnerability Details During the zkSync initialization process, several complicated tasks would be required to execute. Incorrect configurations in some tasks could lead to unexpected vulnerabilities. One task of the zkSync initialization process is deploying a...
PT-2025-13284
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue in the Linux kernel's f2fs file system has been resolved. The problem occurred because spin lock&sbi-error lock was called before spin lock init was called, resulting in ...
kernel: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()
A flaw was found in the virtio-gpu module in the Linux kernel. If the initialization fails, for example, due to a fault injection, a missing check in the virtiogpuarrayputfree function can cause a NULL pointer dereference, resulting in a denial of service...
kernel: ath9k_htc: fix uninit value bugs
In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htcconnectservice svcmetalen and pad are not initialized. Based on code it looks like in current sk...
kernel: RDMA/hfi1: Prevent use of lock before it is initialized
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent use of lock before it is initialized If there is a failure during probe of hfi1 before the sdmamaplock is initialized, the call to hfi1freedevdata will attempt to use a lock that has not been initialized. If th...
Siemens SIMATIC S7-1500 Improper Initialization (CVE-2020-8744)
Improper initialization in subsystem for IntelR CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE versions before 4.0.30 IntelR SPS versions before E305.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. This plugin...
PT-2022-24952 · Wasmtime · Wasmtime
Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 2.0.2 Description: There is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can be...
CVE-2022-39384 OpenZeppelin Contracts initializer reentrancy may lead to double initialization
OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external cal...
OpenZeppelin 安全漏洞
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions 3.2.0 and later through 4.4.1 and earlier, which stems from an exception set to support multiple inheritance that breaks the expectation of a...
reentrancyGuardInitializer modifier used on constructor and Initialize functions
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In L1ERC20Bridge.sol there are two places where the reentrancyGuardInitializer modifier is used. It's found on both the constructor function and also on the initialize function. This is a problem becaus...
PT-2022-36709 · Oracle · Java.Base
Name of the Vulnerable Software and Affected Versions: java.base affected versions not specified Description: A security exception crash has been reported. The crash occurs in the jaz.Zer class during the initialization process, specifically in the java.lang.Class.forName0 and...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly initializing memory. An attacker could exploit this vulnerability to execute arbitrary code in...