Nextcloud Server < 22.2.9, 23.x < 23.0.6, 24.x < 24.0.2 Improper Initialization (GHSA-2vwh-5v93-3vcq)

Nextcloud Server is prone to an insufficient logging vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-33716

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory...

Information disclosure

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory...

OESA-2022-1808 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: trackheader in...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices ICCC TA Module SMR Aug-2022 Release 1 prior to Release 1, which stems from a lack of variable...

Critical: exim

Issue Overview: Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory owned by a non-root user, a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem. CVE-2020-28007 Exim 4 before 4.94....

GHSA-XV97-C62V-4587 NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails

Impact next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.: [email protected],[email protected] to the sign-in endpoint, NextAuth.js would send emails to...

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails

Impact next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.: [email protected],[email protected] to the sign-in endpoint, NextAuth.js would send emails to...

NetBSD Kernel getkerninfo System Call Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the stat...

GSD-2022-1004562 KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()

KVM: x86: Fully initialize 'struct kvmlapicirq' in kvmpvkickcpuop This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.132 by commit...

GSD-2022-1004167 KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()

KVM: x86: Fully initialize 'struct kvmlapicirq' in kvmpvkickcpuop This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.13 by commit...

[SECURITY] Fedora 36 Update: golang-github-google-wire-0.5.0-4.fc36

Wire is a code generation tool that automates connecting components using dependency injection. Dependencies between components are represented in Wire as function parameters, encouraging explicit initialization instead of global variables. Because Wire operates without runtime state or reflectio...

Ubuntu 16.04 ESM : Intel Microcode vulnerabilities (USN-5535-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5535-1 advisory. Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive...

CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

CVE-2022-30271

The CVE-2022-30271 entry concerns Motorola Solutions ACE1000 RTU (through 2022-05-02) shipping with a hardcoded SSH private key. Red Hat and CISA advisories confirm the root cause: the initialization scripts (e.g., /etc/init.d/sshd_service) do not generate a new key if a private-key file exists, ...

DEBIAN-CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

Design/Logic Flaw

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

properties-reader 安全漏洞

properties-reader is a Node.js property reader compatible with ini files by Steve King, a personal developer. A security vulnerability exists in properties-reader prior to version 2.2.0, which stems from the package's susceptibility to prototype contamination, and which can be exploited by an...