8958 matches found

CNVD
added 2022/05/19 12:0 a.m. | 19 views

Linux kernel resource initialization vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel version 5.17.5 and prior versions have a security vulnerability that stems from a missing initialization of kiocb->private in io_rw_init_file in fs/io_uring.c. No detailed vulnerability details a...

CVSS 7.8 | AI score 3.3 | EPSS 0.01656
Exploits: 1 | References: 1
Github Security Blog
added 2022/05/17 5:25 a.m. | 17 views

Elixir can leak information due to weak use of crypto

Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...

CVSS 4.3 | AI score 6.1 | EPSS 0.00464
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2022/05/17 5:25 a.m. | 3 views

GHSA-VFCG-5GGC-3RXX Elixir can leak information due to weak use of crypto

Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...

CVSS 8.7 | AI score 5.7 | EPSS 0.00464
Exploits: 0 | References: 8
GithubExploit
added 2022/05/17 4:23 a.m. | 222 views

Exploit for Improper Initialization in Linux Linux_Kernel

DirtyPipe-CVE-2022-0847 This repository is d...

CVSS 7.8 | AI score 7.6 | EPSS 0.81981
Exploits: 100
GitLab Advisory Database
added 2022/05/17 12:0 a.m. | 11 views

Elixir can leak information due to weak use of crypto

Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...

CVSS 4.3 | AI score 6 | EPSS 0.00464
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2022/05/16 12:0 a.m. | 41 views

Juniper Junos OS Vulnerability (JSA69494)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69494 advisory. - Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface em0 but not destined to the...

CVSS 7.2 | AI score 6.6 | EPSS 0.0039
Exploits: 0 | References: 2
CNNVD
added 2022/05/16 12:0 a.m. | 1 views

Apple macOS Big Sur security vulnerability

Apple macOS Big Sur is the 17th major version of macOS, the operating system Apple uses for Mac computers. Apple macOS Big Sur suffers from a security vulnerability that originates from a CVMS initialization error. An attacker can exploit the vulnerability to...

CVSS 9.3 | AI score 7.7 | EPSS 0.00173
Exploits: 0 | References: 9
OSV
added 2022/05/14 3:45 a.m. | 6 views

GHSA-R5X3-2446-HRP7 Race Condition in Jenkins

A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related...

CVSS 8.1 | AI score 6.1 | EPSS 0.02745
Exploits: 0 | References: 4
Github Security Blog
added 2022/05/13 1:47 a.m. | 28 views

Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default, i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

CVSS 5.9 | AI score 2.8 | EPSS 0.00183
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2022/05/13 1:47 a.m. | 24 views

GHSA-Q4V9-QJMW-J7VF Insecure Default Initialization of Resource in Pivotal Spring Web Flow

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default, i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

CVSS 5.9 | AI score 5.8 | EPSS 0.00183
Exploits: 1 | References: 3
OSV
added 2022/05/13 1:36 a.m. | 0 views

GHSA-R9Q2-3R6X-QMGP Inadequate Encryption Strength in Jenkins

Jenkins before versions 2.44 and 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304)...

CVSS 4.3 | AI score 5.9 | EPSS 0.00059
Exploits: 0 | References: 5
OSV
added 2022/05/13 1:30 a.m. | 3 views

GHSA-CHG9-3C3P-CH23 Lemur uses static IV per key

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode...

CVSS 8.7 | AI score 7.5 | EPSS 0.00345
Exploits: 0 | References: 7
OSV
added 2022/05/12 5:15 p.m. | 1 views

CVE-2021-33130

Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access...

CVSS 4.6 | AI score 5.8
Exploits: 0 | References: 1
Prion
added 2022/05/12 5:15 p.m. | 11 views

Information disclosure

Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access...

CVSS 2.1 | AI score 4.6 | EPSS 0.00085
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/05/12 4:35 p.m. | 13 views

CVE-2021-33130

Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access...

AI score 4.8 | EPSS 0.00085
Exploits: 0 | References: 1
Vulnrichment
added 2022/05/12 4:35 p.m. | 3 views

CVE-2021-33130

Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access...

AI score 4.5 | EPSS 0.00085
Exploits: 0 | References: 1
CVE
added 2022/05/12 4:35 p.m. | 86 views

CVE-2021-33130

CVE-2021-33130 targets Intel RealSense ID Solution F450 before 2.6.0.74. The issue arises from insecure default variable initialization, potentially allowing an unauthenticated user to disclose information via physical access. Impact is described as partial confidentiality loss (C:H) with no inte...

CVSS 4.6 | AI score 4.5 | EPSS 0.00085
Exploits: 0 | References: 1 | Affected Software: 1
Mageia
added 2022/05/12 10:24 a.m. | 35 views

Updated gerbv packages fix security vulnerability

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev commit b5f1eacd, and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker ca...

CVSS 6.3 | AI score 4.1 | EPSS 0.00203
Exploits: 1 | References: 2
Intel
added 2022/05/12 12:0 a.m. | 55 views

2020.2 IPU – Intel® CSME, SPS, TXE, and AMT Advisory

Summary: Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Dynamic Application Loader (DAL), Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) and Intel®...

CVSS 9.8 | AI score 8.4 | EPSS 0.00964
Exploits: 0
Prion
added 2022/05/11 6:15 p.m. | 21 views

Code injection

Acrobat Reader DC versions 22.001.20085 and earlier, 20.005.3031x and earlier and 17.012.30205 and earlier are affected by the use of a variable that has not been initialized when processing embedded fonts, potentially resulting in arbitrary code execution in the context of the current user...

CVSS 9.3 | AI score 7.7 | EPSS 0.02107
Exploits: 0 | References: 1 | Affected Software: 4