Improper Initialization

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B...

CVE-2022-37128

In D-Link DIR-816 A2v1.10CNB04.img the network can be initialized without authentication via /goform/wizardend...

Authentication flaw

In D-Link DIR-816 A2v1.10CNB04.img the network can be initialized without authentication via /goform/wizardend...

USN-5572-2: Linux kernel (AWS) vulnerabilities

Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information guest kernel memory. CVE-2022-26365 Roger Pau Monné...

The vulnerability of the SBIOS component in the NVIDIA DGX A100 server’s SmbiosPei architecture allows a hacker to execute arbitrary code or cause service failures.

The vulnerability of the SBIOS component in the NVIDIA DGX A100 server’s SmbiosPei firmware is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause system failures...

PT-2022-13442 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB affected versions not specified Description: The issue is related to an insecure default initialization of resources in Apache CouchDB, which could allow an attacker to elevate their privileges to the administrator level...

Timelock can be set by anyone except admin since it was not initialize

Lines of code Vulnerability details Impact Timelock can be manipulate by anyone Proof of Concept Timelock NounsDAOExecutor can be set by anyone since timelock was not set acceptAdmin on initialize so it can be manipulate. Tools Used Manual Review Recommended Mitigation Steps Adding...

AZL-35347 CVE-2022-0175 affecting package virglrenderer for versions less than 0.9.1-3

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

CVE-2022-0175

CVE-2022-0175 affects virglrenderer (VirGL virtual OpenGL renderer). A flaw in how memory is initialized for host-backed resources allows a malicious guest to mmap the guest kernel and read uninitialized host memory, potentially leaking information. Impact is information disclosure; attack vector...

CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

Ubuntu: Security Advisory (USN-819-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5579-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5299-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5582-1: Linux kernel (Azure CVM) vulnerabilities

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. CVE-2022-34918 Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux...

Apache CouchDB Insecure Default Initialization of Resource Vulnerability

Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges...

CVE-2021-4037

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

CVE-2021-4037

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

CVE-2022-32480

Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure...

CVE-2022-32480

Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure...