Lucene search

9002 matches found

RedHat Linux
added 2023/10/05 8:18 p.m. · 0 views

tough-cookie: prototype pollution in cookie memstore

A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

CVSS 9.8 · AI score 7.1 · EPSS 0.06248
Exploits: 2 · References: 9

NVD
added 2023/10/04 7:15 p.m. · 14 views

CVE-2023-38701

Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...

CVSS 9.1 · AI score 9.3 · EPSS 0.00084
Exploits: 1 · References: 4

OSV
added 2023/10/04 7:6 p.m. · 21 views

CVE-2023-42449 Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in a flawed...

CVSS 8.1 · AI score 7.9 · EPSS 0.00178
Exploits: 1 · References: 7

CNNVD
added 2023/10/04 12:0 a.m. · 2 views

Hydra Input Validation Error Vulnerability

Hydra is a penetration testing tool. An input validation error vulnerability exists in versions of Hydra prior to 0.13.0 that stems from incorrect data validation logic during head initializer casting, where a malicious head initializer may extract one or more PT policies for the head being...

CVSS 8.1 · AI score 6.7 · EPSS 0.00178
Exploits: 1 · References: 6

Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-32073 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when the check for the SMCCC workaround is called before SMCCC support has been initialized on CPU 0. This results in no speculative...

CVSS 5.5 · AI score 5.4 · EPSS 0.00137
Exploits: 0 · References: 8

VulnCheck KEV
added 2023/10/02 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2022-22071

Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress...

CVSS 8.4 · AI score 7.3 · EPSS 0.00552
Exploits: 0 · References: 1

Zero Day Initiative
added 2023/09/27 12:0 a.m. · 13 views

Mozilla Firefox JIT Boolean Conversion Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation...

CVSS 5.4 · AI score 6.9
Exploits: 0 · References: 1

NVD
added 2023/09/21 2:15 p.m. · 13 views

CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

CVSS 7.8 · AI score 7.7 · EPSS 0.00027
Exploits: 0 · References: 1

OSV
added 2023/09/20 6:15 p.m. · 2 views

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

CVSS 5.5 · AI score 5.8 · EPSS 0.00063
Exploits: 0 · References: 1

NVD
added 2023/09/20 6:15 p.m. · 10 views

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

CVSS 5.5 · AI score 5.1 · EPSS 0.00063
Exploits: 0 · References: 1

NVD
added 2023/09/20 6:15 p.m. · 10 views

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

CVSS 4.4 · AI score 4.5 · EPSS 0.00055
Exploits: 0 · References: 1

Prion
added 2023/09/20 6:15 p.m. · 20 views

Input validation

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

CVSS 1.7 · AI score 5 · EPSS 0.00063
Exploits: 0 · References: 1 · Affected Software: 101

CVE
added 2023/09/20 5:32 p.m. · 75 views

CVE-2023-20597

CVE-2023-20597 concerns improper initialization of variables in the AMD DXE driver, leading to potential local-information disclosure. The vulnerability is discussed across multiple sources (AMD/SB-4007 and related advisories), which describe memory-leak risks in the DXE driver and note mitigatio...

CVSS 5.5 · AI score 5.1 · EPSS 0.00063
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/09/20 5:32 p.m. · 33 views

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

AI score 5.3 · EPSS 0.00063
Exploits: 0 · References: 1

Vulnrichment
added 2023/09/20 5:32 p.m. · 15 views

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

AI score 5.1 · EPSS 0.00063
Exploits: 0 · References: 1

Vulnrichment
added 2023/09/20 5:27 p.m. · 16 views

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

AI score 4.3 · EPSS 0.00055
Exploits: 0 · References: 1

CVE
added 2023/09/20 5:27 p.m. · 66 views

CVE-2023-20594

CVE-2023-20594 concerns the AMD DXE driver. The root cause is improper initialization of variables in the DXE driver, which may allow a privileged local user to leak sensitive information. Impact is information disclosure with local access; attack vector is local. The vulnerability affects AMD DX...

CVSS 4.4 · AI score 4.3 · EPSS 0.00055
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/09/20 12:0 a.m. · 6 views

AMD DXE Driver Security Vulnerability

AMD DXE driver is a driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD DXE Driver, which stems from improper initialization of variables in the driver, and could allow a privileged user to disclose sensitive information via local access...

CVSS 4.4 · AI score 6 · EPSS 0.00055
Exploits: 0 · References: 2

Positive Technologies
added 2023/09/20 12:0 a.m. · 2 views

PT-2023-36026 · Apache · Apache Lucene

Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported in Apache Lucene. The crash occurs in the org.apache.lucene.util.ArrayUtil.copyOfSubArray and org.apache.lucene.util.BytesRef.deepCopyOf...

AI score 7
Exploits: 0 · References: 2

CNNVD
added 2023/09/20 12:0 a.m. · 7 views

AMD DXE Driver Security Vulnerability

AMD DXE driver is a driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD DXE Driver, which stems from improper initialization of variables in the driver, and could allow a privileged user to disclose sensitive information via local access...

CVSS 5.5 · AI score 6 · EPSS 0.00063
Exploits: 0 · References: 2