8978 matches found

Tenable Nessus
added 2023/06/12 12:00 a.m., 10 views

Mitsubishi Electric MELSEC-F Series Improper Initialization (CVE-2021-20613)

Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication...

CVSS 7.8, AI score 7.3, EPSS 0.00353
Exploits: 0, References: 4
ATTACKERKB
added 2023/06/09 7:15 a.m., 1 view

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

CVSS 5.9, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 3
GitLab Advisory Database
added 2023/06/09 12:00 a.m., 14 views

Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash

A bug in the `Data.init(base32Encoded:)` function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently use this function itself so this only impacts applications that u...

CVSS 9.1, AI score 6.8, EPSS 0.00374
Exploits: 0, References: 5, Affected Software: 1
BDU FSTEC
added 2023/06/07 12:00 a.m., 1 view

Vulnerabilities in D-Link DIR-550A and DIR-604M router firmware allow attackers to escalate their privileges.

The vulnerability in D-Link DIR-550A and DIR-604M router firmware is related to insecure resource initialization. Exploiting this vulnerability can allow a malicious actor to gain elevated privileges...

CVSS 9, AI score 7.8, EPSS 0.00433
Exploits: 0, References: 3, Affected Software: 2
CNNVD
added 2023/06/07 12:00 a.m., 4 views

Marval MSM Encryption Issue Vulnerability

Marval MSM is an innovative IT service management software from Marval UK. A security vulnerability exists in Marval MSM that stems from the use of TripleDES and IV with encryption-at-rest keys to store secrets and certain credentials to a database. Affected products and versions: Marval MSM...

CVSS 5.5, AI score 5.7, EPSS 0.00043
Exploits: 1, References: 2
OSV
added 2023/06/06 6:15 p.m., 3 views

CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...

CVSS 4.6, AI score 5.8
Exploits: 0, References: 3
Veracode
added 2023/06/04 9:46 a.m., 27 views

Divide By Zero

qt6-qtsvg is vulnerable to Divide By Zero. The vulnerability is due to the improper initialization of the QSvgFont m_unitsPerEm, which allows an attacker to cause an application crash...

CVSS 6.5, AI score 6.8, EPSS 0.00082
Exploits: 0, References: 6, Affected Software: 1
SUSE CVE
added 2023/06/03 2:13 a.m., 2 views

SUSE CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 7.5, AI score 8.8, EPSS 0.00202
Exploits: 0, References: 4
NVD
added 2023/06/02 5:15 p.m., 16 views

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 7.5, AI score 7.1, EPSS 0.00202
Exploits: 0, References: 4
OSV
added 2023/06/02 5:15 p.m., 3 views

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 7.5, AI score 7.4, EPSS 0.00202
Exploits: 0, References: 4
ATTACKERKB
added 2023/06/02 5:15 p.m., 1 view

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 7.5, AI score 7.3, EPSS 0.00202
Exploits: 0, References: 5
OSV
added 2023/06/02 11:36 a.m., 5 views

SUSE-SU-2023:2356-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device's capabilities (bsc#1211390). Non-security fixes: - Fixed a potential crash during driver cleanup (bsc#1209861). - Added AppArmor support for SUSE...

CVSS 5.5, AI score 5.6, EPSS 0.00041
Exploits: 0, References: 7
CVE
added 2023/06/02 12:00 a.m., 136 views

CVE-2023-29537

CVE-2023-29537 concerns multiple race conditions in font initialization that could cause memory corruption and allow attacker-controlled code execution. Affected products include Mozilla Firefox on Android, Firefox versions before 112, and Focus for Android before 112. The vulnerability’s root ca...

CVSS 7.5, AI score 7.4, EPSS 0.00202
Exploits: 0, References: 4, Affected Software: 2
Cvelist
added 2023/06/02 12:00 a.m., 20 views

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

AI score 7.8, EPSS 0.00202
Exploits: 0, References: 4
Debian CVE
added 2023/06/02 12:00 a.m., 22 views

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 7.5, AI score 9, EPSS 0.00202
Exploits: 0
Tenable Nessus
added 2023/06/01 12:00 a.m., 26 views

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6132-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6132-1 advisory. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch...

CVSS 7.8, AI score 7.6, EPSS 0.00906
Exploits: 7, References: 14
Tenable Nessus
added 2023/05/26 12:00 a.m., 36 views

Oracle Linux 8 : istio (ELSA-2023-12356)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12356 advisory. - CVE-2022-27496 - CVE-2022-27488 - CVE-2022-27493 - CVE-2022-27492 - CVE-2022-27491 - CVE-2022-27487 Tenable has extracted the preceding description...

CVSS 8.8, AI score 7.5, EPSS 0.01747
Exploits: 0, References: 7
Tenable Nessus
added 2023/05/26 12:00 a.m., 38 views

Oracle Linux 7 : istio (ELSA-2023-12357)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12357 advisory. - CVE-2022-27496 - CVE-2022-27488 - CVE-2022-27493 - CVE-2022-27492 - CVE-2022-27491 - CVE-2022-27487 Tenable has extracted the preceding description...

CVSS 8.8, AI score 7.5, EPSS 0.01747
Exploits: 0, References: 7
Veracode
added 2023/05/24 3:55 a.m., 19 views

Information Disclosure

Apache InLong is vulnerable to Information Disclosure. The vulnerability exists in multiple functions due to Insecure Default Initialization of Resources, which allows a remote attacker to access deleted user's data after registering...

CVSS 6.5, AI score 6.8, EPSS 0.00525
Exploits: 0, References: 4, Affected Software: 4
OSV
added 2023/05/22 6:30 p.m., 20 views

GHSA-H79M-5CM2-278C User data exposure in Apache InLong

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

CVSS 6.5, AI score 6.3, EPSS 0.00525
Exploits: 0, References: 4