Total
260 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22719 | 5 Apache, Apple, Debian and 2 more | 7 Http Server, Mac Os X, Macos and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | |||||
| CVE-2022-20731 | 1 Cisco | 3 Catalyst Digital Building Series Switches, Catalyst Digital Building Series Switches Firmware, Ios Rommon | 2024-02-04 | 7.2 HIGH | 6.8 MEDIUM |
| Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-26722 | 1 Apple | 2 Mac Os X, Macos | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-0119 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2024-02-04 | 4.6 MEDIUM | 6.2 MEDIUM |
| Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-22186 | 1 Juniper | 2 Ex4650, Junos | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious. This issue affects: Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R1. | |||||
| CVE-2022-22657 | 1 Apple | 3 Garageband, Logic Pro X, Macos | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-20661 | 1 Cisco | 6 Cdb-8p, Cdb-8u, Cmicr-4pc and 3 more | 2024-02-04 | 4.9 MEDIUM | 4.6 MEDIUM |
| Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-24316 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
| CVE-2021-0145 | 2 Intel, Netapp | 121 Celeron 6305, Celeron 6305e, Celeron 6600he and 118 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-0125 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2024-02-04 | 4.6 MEDIUM | 6.6 MEDIUM |
| Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-0947 | 1 Abb | 48 Arc600a2323na, Arc600a2323na Firmware, Arc600a2324na and 45 more | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration. | |||||
| CVE-2021-26353 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Due to a mishandled error, it is possible to leave the DRTM UApp in a partially initialized state, which can result in unchecked memory writes when the UApp handles subsequent mailbox commands. | |||||
| CVE-2022-26721 | 1 Apple | 2 Mac Os X, Macos | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. | |||||
| CVE-2022-1122 | 3 Debian, Fedoraproject, Uclouvain | 3 Debian Linux, Fedora, Openjpeg | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. | |||||
| CVE-2021-44169 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 4.6 MEDIUM | 8.8 HIGH |
| A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory. | |||||
| CVE-2022-29695 | 1 Unicorn-engine | 1 Unicorn Engine | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. | |||||
| CVE-2021-1857 | 1 Apple | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2021-41264 | 1 Openzeppelin | 1 Contracts | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301). | |||||
| CVE-2021-46320 | 1 Openzeppelin | 1 Openzeppelin | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution. | |||||
| CVE-2022-22815 | 2 Debian, Python | 2 Debian Linux, Pillow | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | |||||