
8965 matches found

Veracode
added 2023/02/03 11:1 p.m. · 37 views

Use-After-Free

openssl is vulnerable to Use-After-Free. The vulnerability exists because there is a missing check for the return value from the initialization function which allows an attacker to cause an application crash...

5.5 CVSS · 6.5 AI score · 0.00037 EPSS
Exploits 0 · References 12 · Affected Software 2
OSV
added 2023/01/31 3:41 p.m. · 13 views

GSD-2023-1001685 wifi: mac80211: fix initialization of rx->link and rx->link_sta

wifi: mac80211: fix initialization of rx->link and rx->link_sta. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.8 by commit...

7.2 AI score
Exploits 0
Positive Technologies
added 2023/01/31 12:0 a.m. · 2 views

PT-2023-34864 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.164 Description: A NULL-deref issue was discovered in the init error path of the EFI module. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/01/25 12:0 a.m. · 3 views

PT-2025-53057

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the MediaTek mtk-svs driver. Specifically, if the system boots without a full reset such as via kexec, a peripheral might trigger an interrup...

4.3 CVSS · 6.2 AI score · 0.00024 EPSS
Exploits 0 · References 19
GithubExploit
added 2023/01/24 8:44 a.m. · 419 views

Exploit for Improper Initialization in Linux Linux_Kernel

DIRTY PIPE CVE-2022-0847 This is a kernel vulnerability th...

7.8 CVSS · 7.6 AI score · 0.81981 EPSS
Exploits 100
Oracle linux
added 2023/01/24 12:0 a.m. · 103 views

libreoffice security update

7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:7.1.8.1-8 - Resolves: rhbz2134759 Untrusted Macros - Resolves: rhbz2134757 Weak Master Keys - Resolves: rhbz2134755 Static...

8.8 CVSS · 3.8 AI score · 0.01322 EPSS
Exploits 0
RedHat Linux
added 2023/01/23 3:29 p.m. · 1 views

libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...

7.5 CVSS · 5.7 AI score · 0.0045 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2023/01/23 12:0 a.m. · 34 views

RHEL 9 : libreoffice (RHSA-2023:0304)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

8.8 CVSS · 7.6 AI score · 0.01322 EPSS
Exploits 0 · References 11
ATTACKERKB
added 2023/01/18 3:15 p.m. · 2 views

CVE-2023-0385

The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...

4.3 CVSS · 5.8 AI score · 0.00092 EPSS
Exploits 0 · References 3
Oracle linux
added 2023/01/18 12:0 a.m. · 69 views

libreoffice security update

6.4.7.2-12.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:6.4.7.2-12 - Resolves: rhbz2134752 CVE-2022-26305 Untrusted Macros - Resolves: rhbz2134751 CVE-2022-26307 Weak Master Keys -...

8.8 CVSS · 3.8 AI score · 0.01322 EPSS
Exploits 0
OSV
added 2023/01/17 6:25 p.m. · 6 views

GSD-2023-1000941 cpufreq: Init completion before kobject_init_and_add()

cpufreq: Init completion before kobject_init_and_add(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...

7.2 AI score
Exploits 0
OSV
added 2023/01/17 4:25 p.m. · 8 views

GSD-2023-1000322 Bluetooth: Fix not cleanup led when bt_init fails

Bluetooth: Fix not cleanup led when bt_init fails. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.269 by commit...

7.2 AI score
Exploits 0
OSV
added 2023/01/17 4:19 p.m. · 9 views

GSD-2023-1000274 Bluetooth: Fix not cleanup led when bt_init fails

Bluetooth: Fix not cleanup led when bt_init fails. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.227 by commit...

7.2 AI score
Exploits 0
OSV
added 2023/01/17 4:13 p.m. · 13 views

GSD-2023-1000212 Bluetooth: Fix not cleanup led when bt_init fails

Bluetooth: Fix not cleanup led when bt_init fails. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.159 by commit...

7.2 AI score
Exploits 0
Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-34018 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.87 Description: The issue is related to the initialization process in the cpufreq component, where the kobject init and add function is called after the initialization is completed. This problem was...

7.1 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/01/17 12:0 a.m. · 3 views

PT-2023-33566 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: The issue is related to the initialization process in the cpufreq component, where the completion of initialization occurs before the kobject init and add function is called. This problem wa...

7.1 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2024-11879 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the nixge hw dma bd release function. This issue arises when the allocation of priv-rx bd v...

9.1 CVSS · 6.6 AI score · 0.18032 EPSS
Exploits 12 · References 1836
Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33521 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: The issue is related to the initialization of fsdata in the pagecache write function in the ext4 filesystem. The actual impact and attack plausibility have not yet been proven...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33352 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 3.19 through 5.4.226 Description: The issue is related to a missing INIT LIST HEAD in the ieee802154 if add function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

7.2 AI score
Exploits 0 · References 1
Prion
added 2023/01/13 2:15 a.m. · 12 views

Design/Logic Flaw

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI) phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...

4.3 CVSS · 7.8 AI score · 0.00044 EPSS
Exploits 0 · References 1 · Affected Software 1