CVE-2022-32823

CVE-2022-32823 describes a memory initialization issue that could allow an app to leak sensitive user information. It is fixed in Apple OS updates: iOS/iPadOS 15.6, macOS Big Sur 11.6.8, macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, and Security Update 2022-005 Catalina. The vulnerability is local...

The vulnerability of the `timerqueue_add` function in the `lib/timerqueue.c` component of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the timerqueueadd function in the lib/timerqueue.c component of the Linux operating system is related to memory initialization errors. Exploiting this vulnerability allows an attacker to cause a service failure...

USN-5633-1: Linux kernel vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

Unbreakable Enterprise kernel security update

5.4.17-2136.311.6 - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' Sherry Yang Orabug: 34535896 5.4.17-2136.311.5 - netfilter: nftables: do not allow RULEID to refer to another chain Thadeu Lima de Souza Cascardo Orabug: 34495567 CVE-2022-2586 - netfilter: nftable...

USN-5624-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-kvm, linux-lowlatency vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

CVE-2022-40246

A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...

American Megatrends Incorporated Aptio 缓冲区错误漏洞

American Megatrends Incorporated Aptio is a BIOS configuration program. A security vulnerability exists in American Megatrends Incorporated Aptio version 5.x. An attacker could exploit the vulnerability to execute arbitrary code at the PEI stage...

Gentoo和SmokePing 安全漏洞

SmokePing is a network monitoring software developed by Tobias Oetiker, a Swiss software developer. The program's function is to monitor network performance, including monitoring www server performance, monitoring DNS query performance, monitoring SSH performance, and so on. A security...

The vulnerability of Intel Microcode processors lies in initialization errors related to memory access, allowing attackers to gain access to confidential data.

The vulnerability of Intel Microcode processors lies in memory initialization errors. Exploiting this vulnerability allows an attacker to gain access to confidential data...

Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D...

Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D...

CVE-2022-40769

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022...

PT-2022-34204 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211 Description: The issue is related to the initialization of jump labels before the parse early param function is called. The actual impact and potential for attack have not been proven yet...

GHSA-MV8X-668M-53FG Elrond-go has improper initialization

Impact Read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only...

GHSA-XG8P-34W2-J49J linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

Impact What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::initfromslice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Initializati...

linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

Impact What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::initfromslice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Initializati...

Siemens Simcenter Femap X_T File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVE-2022-40643

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVE-2022-40646

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...