CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2022-48352

Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic...

CVE-2022-46301

Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access...

CVE-2022-46397

FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...

OSV-2025-404 Use-of-uninitialized-value in JS_FreeRuntime

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=419346940 Crash type: Use-of-uninitialized-value Crash state: JSFreeRuntime fuzzeval.c asyncfuncinit...

CVE-2022-43468

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...

CVE-2022-24378

Improper initialization in the IntelR Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2022-33298

Memory corruption due to use after free in Modem while modem initialization...

CVE-2022-45109

Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-26721

A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges...

CVE-2021-31254

Buffer overflow in the tencboxread function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes...

CVE-2021-30962

A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information...

CVE-2021-32742

Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug in the Data.initbase32Encoded: function opens up the potential for exposing server memory and/or crashing the server Denial of Service for applications where untrusted data can end up in said function. Vapor does not currently...

CVE-2021-25340

Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State...

CVE-2021-30337

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2020-9227

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this...

CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

CVE-2020-27950

A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS...

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...