9002 matches found
Design/Logic Flaw
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...
CVE-2024-22473
Gecko SDK vulnerability CVE-2024-22473 involves TRNG used before initialization by the ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. Affected software: Gecko SDK versions through 4.4.0 (and earlier per multiple sources). Impact: potential signature spoofing via ...
CVE-2024-1108
The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...
kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function
A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nftverdictinit function, allowing positive values as a drop error within the hook verdict, therefore, the nfhookslow function can cause a double-free vulnerability when NFDROP is issued with a drop error tha...
PT-2024-9839 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an uninitialized pointer dmactl in the lpass get dmactl handle function of the Linux kernel's ASoC qcom component. When the driver id dai id is invalid, the...
PT-2024-19442 · Gecko Sdk · Gecko Sdk
Name of the Vulnerable Software and Affected Versions: Gecko SDK versions through 4.4.0 Description: The issue arises from the use of a True Random Number Generator TRNG before its initialization by the ECDSA signing driver when exiting low-power modes EM2/EM3 on Virtual Secure Vault VSE devices...
Insecure Default Initialization of Resource
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the Liferay-Portal response header. An attacker can obtain sensitive version information by sending crafted HTTP...
JDK: Eclipse OpenJ9 JVM denial of service
Eclipse OpenJ9 is vulnerable to a denial of service, caused by a flaw when a shutdown signal SIGTERM, SIGINT or SIGHUP is received before the JVM has finished initializing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause an infinite...
The vulnerability of the Intel Memory and Storage Tool’s software for monitoring and managing RAM and solid-state drives lies in improper resource initialization, which allows a hacker to trigger a service failure.
The vulnerability of the Intel Optane solid-state storage management tool for customers and data processing centers involves improper initialization of resources. Exploiting this vulnerability can allow attackers to cause service failures...
Siemens Simcenter Femap MODEL File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Input validation
Improper initialization in some IntelR MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access...
CVE-2023-36490
Improper initialization in some IntelR MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access...
CVE-2023-35061
Improper initialization for the IntelR PROSet/Wireless and IntelR KillerTM Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access...
CVE-2023-28720
Improper initialization for some IntelR PROSet/Wireless and IntelR KillerTM Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
CVE-2023-28720
Improper initialization for some IntelR PROSet/Wireless and IntelR KillerTM Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
CVE-2023-28720
Improper initialization for some IntelR PROSet/Wireless and IntelR KillerTM Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
Input validation
Improper initialization for some IntelR PROSet/Wireless and IntelR KillerTM Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
Input validation
Improper initialization for some IntelR PROSet/Wireless and IntelR KillerTM Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access...
CVE-2023-35061
Improper initialization for the IntelR PROSet/Wireless and IntelR KillerTM Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access...
CVE-2023-28720
Removed by vendor...