CVE-2022-40530

CVE-2022-40530 describes memory corruption in WLAN caused by an integer overflow that progresses to a buffer overflow during WLAN initialization. The issue is documented in Qualcomm closed-source WLAN components and is reflected in multiple sources (NVD/Red Hat/CVE lists); exploitation status and...

Contract not initialized after deployment

Lines of code Vulnerability details Impact In ReaperStrategyGranarySupplyOnly.sol, the initialize function is not called after deployment. Left open to unintended behaviour and/or an attacker calling the initialize function, gaining control of core permissions and functions, as highlighted in the...

Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater...

Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater...

PT-2023-13814 · Qualcomm · Snapdragon +171

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in WLAN due to an integer overflow leading to a buffer overflow during the initialization phase. No information is...

Address(0) check on array of addresses is not performed

Lines of code Vulnerability details Impact Likelihood-Impact = Severity Low-High = Medium Proof of Concept function initialize address vault, address memory strategists, address memory multisigRoles,// @audit array both length check IAToken gWant calls to another ReaperBaseStrategyinit in contrac...

ReaperBaseStrategyv4 is not Initializable

Lines of code Vulnerability details Impact ReaperStrategyGranarySupplyOnly calls function ReaperBaseStrategyinit from ReaperBaseStrategyv4, but ReaperBaseStrategyv4 is not Initializable. If the ReaperBaseStrategyinit function is not called during contract initialization, it can cause critical...

PT-2023-35468 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.168 Description: The issue is related to the zero-initialization of the zlib workspace in btrfs. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...

PT-2023-35415 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.12 Description: The issue concerns the initialization of the zlib workspace in btrfs. It has been noted that the zlib workspace is not properly zero-initialized, which may potentially lead to security issue...

USN-5925-1 linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

USN-5920-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

The vulnerability of the Linux operating system’s Infrared Transceiver USB driver allows a hacker to trigger a service failure.

The vulnerability of the Linux operating system’s Infrared Transceiver USB driver is related to the incorrect initialization of the URB control block USB Request Block. Exploiting this vulnerability can allow an attacker to cause a service failure...

CLSA-2023-1677783628 nss: Fix of CVE-2022-34480

CVE-2022-34480: nss: fix using of uninitialized pointer in lginit...

Man-in-the-Middle Attack (MITM)

github.com/edgelesssys/constellation is vulnerable to Man-in-the-Middle Attacks MITM. The vulnerability exists because attestation user data, including the digest of a public key in a aTLS connection are incorrectly bound to the issuers TPM, not the PCR state. If an attacker can intercept a node...

openssl: NULL dereference during PKCS7 data verification

A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not...

CVE-2021-22283

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...

Input validation

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...

CVE-2021-22283 MMS File Transfer Vulnerability impact on Distribution Automation products

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...

CVE-2021-22283 MMS File Transfer Vulnerability impact on Distribution Automation products

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...

CVE-2023-1047

A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may...