Lucene search

8962 matches found

Prion
added 2022/07/25 3:15 p.m. | 21 views

Design/Logic Flaw

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 5 | AI score 7.8 | EPSS 0.0045
Exploits: 0 | References: 3 | Affected Software: 2
Debian CVE
added 2022/07/25 12:00 a.m. | 41 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5 | AI score 7.6 | EPSS 0.0045
Exploits: 0
CNNVD
added 2022/07/25 12:00 a.m. | 2 views

properties-reader security vulnerability

properties-reader is a Node.js property reader compatible with ini files, by Steve King, an individual developer. A security vulnerability exists in properties-reader prior to version 2.2.0, which stems from the package's susceptibility to prototype pollution, and which can be exploited by an...

CVSS 9.8 | AI score 8.2 | EPSS 0.00694
Exploits: 1 | References: 4
CNNVD
added 2022/07/25 12:00 a.m. | 2 views

LibreOffice security feature issue vulnerability

LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer (text documents), Calc (spreadsheets), and Impress (presentations). LibreOffice is vulnerable to an encryption problem that stems from LibreOffice using weak...

CVSS 7.5 | AI score 5.6 | EPSS 0.0045
Exploits: 0 | References: 11
AlpineLinux
added 2022/07/25 12:00 a.m. | 50 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

CVSS 7.5 | AI score 8.1 | EPSS 0.0045
Exploits: 0
CNNVD
added 2022/07/25 12:00 a.m. | 1 views

ion-parser security vulnerability

ion-parser is an open source JavaScript parser for TOML and ION files from 418sec, described as one of the fastest and lightest. A security vulnerability exists in ion-parser that stems from the package's susceptibility to prototype pollution, which can be exploited by an attacker to submit malicious INI files to...

CVSS 9.8 | AI score 8.3 | EPSS 0.00391
Exploits: 1 | References: 2
BDU FSTEC
added 2022/07/22 12:00 a.m. | 1 views

A firmware vulnerability in the integrated facial authentication module of Intel RealSense ID Solution F450 allows an intruder to disclose protected information.

The firmware vulnerability in the integrated facial authentication module of Intel RealSense ID Solution F450 is related to initialization errors. Exploiting this vulnerability can allow attackers to disclose protected information...

CVSS 4.9 | EPSS 0.00136
Exploits: 0 | References: 3 | Affected Software: 1
The Hacker News
added 2022/07/21 1:22 p.m. | 53 views

New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate...

AI score 0.5
Exploits: 0
BDU FSTEC
added 2022/07/18 12:00 a.m. | 2 views

The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird, related to errors during initialization of variables, allow attackers to trigger a service failure.

The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird are related to errors during initialization. Exploiting these vulnerabilities can allow a malicious actor to trigger service interruptions by using a specially created message...

CVSS 7.6 | EPSS 0.0031
Exploits: 0 | References: 16 | Affected Software: 12
Fedora
added 2022/07/17 1:15 a.m. | 27 views

[SECURITY] Fedora 35 Update: golang-github-google-wire-0.4.0-6.fc35

Wire is a code generation tool that automates connecting components using dependency injection. Dependencies between components are represented in Wire as function parameters, encouraging explicit initialization instead of global variables. Because Wire operates without runtime state or reflectio...

CVSS 9.3 | AI score 9.2 | EPSS 0.00963
Exploits: 3
Code423n4
added 2022/07/14 12:00 a.m. | 11 views

Vault implementation can be selfdestructed due to lack of initialization

Lines of code Vulnerability details Impact HIGH - Assets can be lost directly Anybody can initialize the Vault's implementation contract. The worst case would be to selfdestruct and make all the already deployed and to be deployed Vault's proxies useless and assets in the deployed proxies will be...

AI score 6.9
Exploits: 0
Tenable Nessus
added 2022/07/14 12:00 a.m. | 42 views

EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2022-2071)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define routine while...

CVSS 7.5 | AI score 6.6 | EPSS 0.00173
Exploits: 1 | References: 14
OpenVAS
added 2022/07/14 12:00 a.m. | 21 views

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-2071)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.6 | EPSS 0.00173
Exploits: 1 | References: 2
Zero Day Initiative
added 2022/07/13 12:00 a.m. | 17 views

Adobe Photoshop U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 3.3 | AI score 3.7 | EPSS 0.00174
Exploits: 0 | References: 1
Code423n4
added 2022/07/02 12:00 a.m. | 8 views

_initiate() function can be called multiple times at GovernorBravoDelegate.sol

Lines of code Vulnerability details Impact initiate function is supposed to be called only once, but it can be called many times which are not expected behavior. Proof of Concept function initiate external requiremsg.sender == admin, "GovernorBravo::initiate: admin only"; requireinitialProposalId...

AI score 6.9
Exploits: 0
CNVD
added 2022/07/01 12:00 a.m. | 26 views

Huawei MindSpore Community numeric error vulnerability

Huawei MindSpore Community is an open source deep learning framework from Huawei (China). A numerical error vulnerability exists in versions prior to Huawei MindSpore Community 1.3.0, which stems from the fact that when performing the initialization operation of the Split operator, if a dimension in...

CVSS 7.5 | AI score 0.9 | EPSS 0.00334
Exploits: 0 | References: 1
Code423n4
added 2022/07/01 12:00 a.m. | 7 views

Upgraded Q -> M from 18 [1656705895450]

Judge has assessed an item in Issue 18 as Medium risk. The relevant finding follows: Multiple initialization The initialize method of the BkdLocker contract allows it to be started multiple times as long as the value startBoost=0 is set. Abuse these settings to his advantage. Affected source code...

AI score 6.9
Exploits: 0
ATTACKERKB
added 2022/06/30 12:00 a.m. | 1 views

CVE-2022-32480

Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure...

CVSS 6.5 | AI score 6.6 | EPSS 0.0037
Exploits: 0 | References: 2
Code423n4
added 2022/06/29 12:00 a.m. | 14 views

Multiple initialization in NoteInterest

Lines of code Vulnerability details Impact The initialize method of the contract NoteInterest can be initialized multiple times. Proof of Concept The method initialize of the contract NoteInterest looks like this: function initializeaddress cnoteAddr, address oracleAddress external if msg.sender ...

AI score 6.8
Exploits: 0
OSV
added 2022/06/28 7:27 p.m. | 8 views

GSD-2022-1003563 RDMA/hfi1: Prevent use of lock before it is initialized

RDMA/hfi1: Prevent use of lock before it is initialized This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...

AI score 7.2
Exploits: 0