
8976 matches found

Cvelist · added 2023/03/29 12:0 a.m. · 14 views

CVE-2022-28317

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS: 7.8 · AI score: 8 · EPSS: 0.00285
Exploits: 0 · References: 2

Cvelist · added 2023/03/29 12:0 a.m. · 16 views

CVE-2022-28319

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS: 7.8 · AI score: 8 · EPSS: 0.00395
Exploits: 0 · References: 2

CVE · added 2023/03/29 12:0 a.m. · 47 views

CVE-2022-28320

CVE-2022-28320 affects Bentley View 10.16.02.022. The issue lies in parsing 3DM files where memory is not properly initialized before access, enabling an attacker to execute code in the context of the current process with user interaction required (visit a malicious page or open a malicious file)...

CVSS: 7.8 · AI score: 7.8 · EPSS: 0.00395
Exploits: 0 · References: 2 · Affected Software: 2

BDU FSTEC · added 2023/03/28 12:0 a.m. · 1 view

The vulnerability of the hdrblobInit() function in the lib/header.c component of the RPM package manager allows a hacker to trigger a service failure.

The vulnerability of the hdrblobInit function in the lib/header.c component of the RPM package manager is related to reading data from within allowable buffer sizes. Exploiting this vulnerability could allow an attacker to cause service failures...

CVSS: 6.8 · AI score: 6.7 · EPSS: 0.00063
Exploits: 0 · References: 8 · Affected Software: 4

Vulnrichment · added 2023/03/28 12:0 a.m. · 5 views

CVE-2022-46397

FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...

AI score: 7.6 · EPSS: 0.00322
Exploits: 0 · References: 2

BDU FSTEC · added 2023/03/28 12:0 a.m. · 2 views

The vulnerability of the lsx_adpcm_init function in the SoX audio processing software allows a hacker to gain access to confidential data and also trigger a service failure.

The vulnerability of the lsx_adpcm_init function in the SoX audio processing software is related to reading data from beyond the buffer’s acceptable limits. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data, as well as cause service interruptions throug...

CVSS: 9.4 · AI score: 7.7 · EPSS: 0.00093
Exploits: 0 · References: 10 · Affected Software: 4

BDU FSTEC · added 2023/03/28 12:0 a.m. · 1 view

The vulnerability of the software and hardware components of SCADA systems such as ABB Relion 611, Relion 615, Relion 620, Relion REF615, Relion RED615, Relion RER620, Relion RER615, Relion REX640, eVD4, REC615, and SMU615 lies in improper initialization of resources, which allows attackers to trigger maintenance-related failures.

The vulnerability of the software and hardware components of SCADA systems such as ABB Relion 611, Relion 615, Relion 620, Relion REF615, Relion RED615, Relion RER620, Relion RER615, Relion REX640, eVD4, REC615, and SMU615 is related to improper initialization of resources. Exploiting this...

CVSS: 6.2 · AI score: 5.9 · EPSS: 0.00131
Exploits: 0 · References: 2 · Affected Software: 13

BDU FSTEC · added 2023/03/28 12:0 a.m. · 1 view

The vulnerability of the kvm_vcpu_ioctl_x86_getdebugregss() function (arch/x86/kvm/x86.c) in the KVM virtualization subsystem of the Linux operating system allows an attacker to gain access to protected information.

The vulnerability of the kvm_vcpu_ioctl_x86_getdebugregss function (arch/x86/kvm/x86.c) in the KVM virtualization subsystem of the Linux operating system is related to errors during initialization. Exploiting this vulnerability can allow an attacker to gain access to protected information...

CVSS: 3.3 · AI score: 6.3 · EPSS: 0.00024
Exploits: 0 · References: 19 · Affected Software: 7

OSV · added 2023/03/27 10:15 p.m. · 2 views

CVE-2022-48352

Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic...

CVSS: 7.5 · AI score: 5.8
Exploits: 0 · References: 2

NVD · added 2023/03/27 10:15 p.m. · 10 views

CVE-2022-48352

Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.00191
Exploits: 0 · References: 2

Vulnrichment · added 2023/03/27 12:0 a.m. · 5 views

CVE-2022-48352

Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic...

AI score: 7.5 · EPSS: 0.00191
Exploits: 0 · References: 2

Positive Technologies · added 2023/03/27 12:0 a.m. · 3 views

PT-2023-15729 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: Smartphones (affected versions not specified)
Description: The issue is related to data initialization problems in some smartphones. Successful exploitation of this problem may cause a system panic.
Recommendations: At the moment, there is no...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.00191
Exploits: 0 · References: 4

CVE · added 2023/03/27 12:0 a.m. · 63 views

CVE-2022-48352

Technical details about CVE-2022-48352 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.00191
Exploits: 0 · References: 2 · Affected Software: 2

CVE · added 2023/03/27 12:0 a.m. · 265 views

CVE-2023-1076

CVE-2023-1076 describes a Linux kernel flaw in tun/tap initialisation where the socket uid is hardcoded to 0 due to a type confusion. The result can cause tun/tap sockets to be treated as if they have root privileges when filtering/routing decisions are made, potentially bypassing network filters...

CVSS: 5.5 · AI score: 6.4 · EPSS: 0.00009
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist · added 2023/03/27 12:0 a.m. · 19 views

CVE-2022-48352

Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic...

AI score: 7.7 · EPSS: 0.00191
Exploits: 0 · References: 2

Positive Technologies · added 2023/03/27 12:0 a.m. · 3 views

PT-2023-21431 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3; macOS Monterey versions prior to 12.6.4
Description: A memory initialization issue was addressed, which may allow a remote attacker to cause unexpected app termination or arbitrary code execution.
Recommendations:...

CVSS: 8.8 · AI score: 7.7 · EPSS: 0.03098
Exploits: 0 · References: 7

CNNVD · added 2023/03/27 12:0 a.m. · 1 view

HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in HarmonyOS, which stems from a data initialization issue that could be exploited by an attacker to cause a system crash...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00191
Exploits: 0 · References: 3

BDU FSTEC · added 2023/03/26 12:0 a.m. · 2 views

The vulnerability of the private browsing mode of the Mozilla Firefox browser, which allows a violator to gain unauthorized access to protected information

The vulnerability of the private browsing mode in the Mozilla Firefox browser is related to insufficient protection of service data during the initialization of the autonomous cache. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...

CVSS: 8.2 · AI score: 5.8 · EPSS: 0.00279
Exploits: 0 · References: 7 · Affected Software: 3

Prion · added 2023/03/22 9:15 p.m. · 64 views

Cross site scripting

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS: 5.8 · AI score: 6.3 · EPSS: 0.0054
Exploits: 0 · References: 6 · Affected Software: 2

Cvelist · added 2023/03/22 8:55 p.m. · 22 views

CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS: 4.7 · AI score: 6.7 · EPSS: 0.0054
Exploits: 0 · References: 6