98 matches found
tough-cookie: prototype pollution in cookie memstore
A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...
CVE-2023-25585
Binutils contains CVE-2023-25585: the file_table field of struct module *module is uninitialized, which may cause an application crash and local denial of service. This is corroborated by multiple connected advisories (Astra Linux, Alpine Linux, Debian Security Tracker, FreeBSD VuxML, and CVE rec...
PT-2023-28228 · Unknown · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this, where the targ...
CVE-2023-3242
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions...
CVE-2022-28317
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-28320
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
SUSE CVE-2006-5749
The isdnpppccpresetallocstate function in drivers/isdn/isdnppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the inittimer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash...
SUSE CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...
SUSE CVE-2020-27208
The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...
SUSE CVE-2022-0175
A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...
SUSE CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...
Intel NUC 安全漏洞
The Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in versions prior to IntelR NUC 11 Pro Kits and IntelR NUC 11 Pro Boards TNTGL357.0064, which stems from improper initialization of their BIOS firmware allowing authenticated users to potentially...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
The vulnerability of the io_rw_init_file function in the Linux operating system’s kernel allows a hacker to gain unauthorized access to protected information.
The vulnerability of the iorwinitfile function fs/iouring.c in the Linux kernel is related to initialization errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
kernel: improper initialization of the "flags" member of the new pipe_buffer
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...
kernel: improper initialization of the "flags" member of the new pipe_buffer
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...
CVE-2021-46617
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2021-46617
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2021-46570
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2021-34855
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...