8953 matches found

Zero Day Initiative
added 2022/01/31 12:0 a.m. | 39 views

Bentley MicroStation CONNECT JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 5.7 | EPSS 0.0066
Exploits: 0 | References: 1

Zero Day Initiative
added 2022/01/31 12:0 a.m. | 51 views

Bentley View TIF File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF...

CVSS 7.8 | AI score 6.1 | EPSS 0.00621
Exploits: 0 | References: 1

Amazon
added 2022/01/28 12:0 a.m. | 1 views

Important: kernel

Issue Overview: A NULL pointer dereference flaw may occur in the Linux kernel's relay_open in kernel/relay.c if the alloc_percpu function is not validated in time of failure and used as a valid address for access. An attacker could use this flaw to cause a denial of service. CVE-2019-19462 A new...

CVSS 7.8 | AI score 7 | EPSS 0.02977
Exploits: 1

OpenVAS
added 2022/01/28 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-1034)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.5 | AI score 6.7 | EPSS 0.00477
Exploits: 3 | References: 2

OpenVAS
added 2022/01/28 12:0 a.m. | 17 views

Mageia: Security Advisory (MGASA-2014-0144)

The remote host is missing an update for the...

CVSS 4.3 | AI score 7.6 | EPSS 0.00312
Exploits: 1 | References: 4

Microsoft CVE
added 2022/01/21 8:0 a.m. | 3 views

nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.

...

CVSS 5.5 | AI score 6.5 | EPSS 0.0004
Exploits: 0

Code423n4
added 2022/01/20 12:0 a.m. | 7 views

Local variables are not initialized

Handle: SolidityScan. Vulnerability details. Description: The contract was found to be using local variables which were not initialized. This may introduce errors in the code if these variables are used anywhere without initialization as the default value for the variable type will be taken. Impact...

AI score 7.1
Exploits: 0

NVD
added 2022/01/19 1:15 a.m. | 11 views

CVE-2022-22164

An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can...

CVSS 6.5 | EPSS 0.00309
Exploits: 0 | References: 1

Prion
added 2022/01/19 1:15 a.m. | 12 views

Input validation

An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can...

CVSS 5 | AI score 5.3 | EPSS 0.00309
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/01/19 1:15 a.m. | 16 views

Input validation

An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR) helper mode even though...

CVSS 4.3 | AI score 5.7 | EPSS 0.00277
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2022/01/19 12:21 a.m. | 71 views

CVE-2022-22169

CVE-2022-22169 affects Juniper Networks Junos OS and Junos OS Evolved. An improper initialization in the routing protocol daemon (rpd) can cause OSPFv3 to enter graceful-restart (GR) helper mode when an attacker sends crafted packets in a specific order/timing, potentially causing a DoS via a stalled ...

CVSS 5.9 | AI score 5.7 | EPSS 0.00277
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2022/01/19 12:21 a.m. | 79 views

CVE-2022-22164

The CVE describes an Improper Initialization in Juniper Networks Junos OS Evolved where a commit operation to disable Telnet does not take effect, leaving Telnet enabled. Affected are Junos OS Evolved releases prior to 20.4R2-S2-EVO; 21.1 (21.1R1-EVO) and later; and 21.2 releases prior to 21.2R2-...

CVSS 6.5 | AI score 5.6 | EPSS 0.00309
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2022/01/18 9:15 p.m. | 8 views

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVSS 9.1 | EPSS 0.00282
Exploits: 0 | References: 2

OSV
added 2022/01/18 9:15 p.m. | 1 views

UBUNTU-CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVSS 9.1 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 4

UbuntuCve
added 2022/01/18 9:15 p.m. | 22 views

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVSS 9.1 | AI score 7.2 | EPSS 0.00282
Exploits: 0 | References: 3

Cvelist
added 2022/01/18 8:20 p.m. | 10 views

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

AI score 9.4 | EPSS 0.00282
Exploits: 0 | References: 2

CNNVD
added 2022/01/18 12:0 a.m. | 3 views

wolfSSL Security Features Vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded system developers from Wolfssl USA. wolfSSL has a security vulnerability that stems from the use of non-random IV values for x prior to 5.1.1 under certain circumstances. This affects AES-CBC or DES3...

CVSS 9.1 | AI score 5.5 | EPSS 0.00282
Exploits: 0 | References: 3

Positive Technologies
added 2022/01/18 12:0 a.m. | 2 views

PT-2022-13011 · Unknown +4 · Virglrenderer +4

Name of the Vulnerable Software and Affected Versions: virglrenderer (affected versions not specified). Description: A flaw was found in the VirGL virtual OpenGL renderer. The issue arises from improper memory initialization when allocating a host-backed memory resource. A malicious guest could...

CVSS 7.8 | AI score 6.3 | EPSS 0.00129
Exploits: 0 | References: 38

OPENSUSE Linux
added 2022/01/18 12:0 a.m. | 21 views

Security update for virglrenderer (important)

openSUSE Security Update: Security update for virglrenderer. Announcement ID: openSUSE-SU-2022:0111-1; Rating: important; References: 1194601; Cross-References: CVE-2022-0175; CVSS scores: CVE-2022-0175 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N; Affected Products: openSUSE Leap 15.3. An...

CVSS 6.5 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 1

IBM Security Bulletins
added 2022/01/14 9:57 p.m. | 28 views

Security Bulletin: Crypto Hardware Initialization and Maintenance is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary: Crypto Hardware Initialization and Maintenance (CHIM) 3.0.0 as shipped with CCA 7.2.55 for MTM 4769 is affected by several vulnerabilities in Apache Log4j (CVE-2021-45105 and CVE-2021-45046). CHIM is using Apache Log4j for internal logging purposes of regular user activity. The fix includes...

CVSS 10 | AI score 1.5 | EPSS 0.94358
Exploits: 346 | Affected Software: 1