Filtered by CWE-665
Filtered by vendor Subscriptions
Total 401 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-1048 2 Microsoft, Techpowerup 2 Windows, Dram Calculator For Ryzen 2024-11-21 5.3 Medium
A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.
CVE-2023-0397 1 Zephyrproject 1 Zephyr 2024-11-21 9.6 Critical
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
CVE-2022-48518 1 Huawei 2 Emui, Harmonyos 2024-11-21 5.5 Medium
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.
CVE-2022-48352 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic.
CVE-2022-46505 1 Matrixssl 1 Matrixssl 2024-11-21 7.5 High
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.
CVE-2022-46487 1 Scontain 1 Scone 2024-11-21 7.8 High
Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.
CVE-2022-46301 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 1.9 Low
Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-46164 1 Nodebb 1 Nodebb 2024-11-21 9.4 Critical
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit.
CVE-2022-45109 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 3.3 Low
Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-43468 1 Wordpress Popular Posts Project 1 Wordpress Popular Posts 2024-11-21 7.5 High
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input.
CVE-2022-40768 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 5.5 Medium
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-3259 1 Redhat 1 Openshift 2024-11-21 7.4 High
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.
CVE-2022-39384 1 Openzeppelin 2 Contracts, Contracts Upgradeable 2024-11-21 5.6 Medium
OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization.
CVE-2022-39284 1 Codeigniter 1 Codeigniter 2024-11-21 2.6 Low
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA.
CVE-2022-38083 1 Intel 474 Core I5-7640x, Core I5-7640x Firmware, Core I7-3820 and 471 more 2024-11-21 6.1 Medium
Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2022-37334 1 Intel 22 Nuc 11 Pro Board Nuc11tnbi30z, Nuc 11 Pro Board Nuc11tnbi30z Firmware, Nuc 11 Pro Board Nuc11tnbi50z and 19 more 2024-11-21 7 High
Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-37128 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
CVE-2022-36364 1 Apache 1 Apache Calcite Avatica 2024-11-21 8.8 High
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor.
CVE-2022-36061 1 Elrond 1 Elrond Go 2024-11-21 6.5 Medium
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.
CVE-2022-34153 1 Intel 1 Battery Life Diagnostic Tool 2024-11-21 8.2 High
Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.