Design/Logic Flaw

Improper initialization of shared resources in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-24316

Schneider Electric IGSS Data Server (IGSSdataServer.exe) is affected by CVE-2022-24316, a CWE-665 Improper Initialization vulnerability (information exposure) in the IGSS Data Server v15.0.0.22020 and prior. Exploitation involves sending a specially crafted message to the server (the vulnerabilit...

CVE-2021-0119

Improper initialization in the firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via physical access...

Interactive Graphical SCADA System Data Server 安全漏洞

Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An initialization error vulnerability exists in the Schneider Electric Interactive Graphical...

Rocky Linux 8 : GNOME (RLSA-2021:1586)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1586 advisory. - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS...

AlmaLinux 8 : GNOME (ALSA-2021:1586)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1586 advisory. - The keyfile settings backend in GNOME GLib aka glib2.0 before 2.60.0 creates directories using gfilemakedirectorywithparents kfsb-dir, NULL, NULL and...

GHSA-88G8-F5MF-F5RJ Improper Initialization in OpenZeppelin

In OpenZeppelin =v4.4.0, initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an...

CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVE-2022-23573

TensorFlow's AssignOp implementation can copy uninitialized data to a new tensor, causing undefined behavior. This CVE (CVE-2022-23573) affects the TensorFlow core kernel related to AssignOp. The issue arises because the left-hand side is initialized, but the right-hand side is not checked for in...

Elfloader - An Architecture-Agnostic ELF File Flattener For Shellcode

elfloader is a super simple loader for ELF files that generates a flat in-memory representation of the ELF. Pair this with Rust and now you can write your shellcode in a proper, safe, high-level language. Any target that LLVM can target can be used, including custom target specifications for real...

PT-2022-16091 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.3 TensorFlow versions prior to 2.7.1 TensorFlow versions prior to 2.8.0 Description: There is a typo in TensorFlow's SpecializeType which results in heap out-of-bounds read/write. Due to the typo, arg is...

ControllerV1.sol initialization function callable multiple times

Handle sirhashalot Vulnerability details Impact The initialize function in ControllerV1.sol has a comment of "This function is not supposed to call multiple times" but it has no checks that prevent it from being called multiple times. An initialization function should only be possible to call onc...

OpenLevV1.sol initialization function callable multiple times

Handle sirhashalot Vulnerability details Impact The initialize function in OpenLevV1.sol has a comment of "This function is not supposed to call multiple times" but it has no checks that prevent it from being called multiple times. An initialization function should only be possible to call once...

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

UBUNTU-CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

The vulnerability of the Telnet service in JunOS Evolved operating systems allows a perpetrator to influence the integrity and confidentiality of the protected information.

The vulnerability of the Telnet service in JunOS Evolved operating systems is related to initialization errors. Exploiting this vulnerability can allow a malicious actor to influence the integrity and confidentiality of the protected information...

The vulnerability of the nf_tables_newset function (net/netfilter/nf_tables_api.c) in Linux operating system kernels, which allows a hacker to cause a service failure

The vulnerability of the nftablesnewset function net/netfilter/nftablesapi.c in Linux operating systems is related to memory initialization errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

Bentley View JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...