Total
304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22466 | 1 Tokio | 1 Tokio | 2024-11-21 | N/A | 5.4 MEDIUM |
| Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `true`, this effectively undoes the configuration. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB). Versions 1.23.1, 1.20.3, and 1.18.4 have been patched. The fix will also be present in all releases starting from version 1.24.0. Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected. As a workaround, ensure that `pipe_mode` is set first after initializing a `ServerOptions`. | |||||
| CVE-2023-22444 | 1 Intel | 222 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 219 more | 2024-11-21 | N/A | 6.0 MEDIUM |
| Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-22356 | 1 Intel | 422 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 419 more | 2024-11-21 | N/A | 6.0 MEDIUM |
| Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-20597 | 1 Amd | 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2023-20594 | 1 Amd | 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2023-1719 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-21 | N/A | 7.5 HIGH |
| Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables. | |||||
| CVE-2023-1048 | 2 Microsoft, Techpowerup | 2 Windows, Dram Calculator For Ryzen | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807. | |||||
| CVE-2023-1047 | 1 Techpowerup | 1 Realtemp | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0397 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 9.6 CRITICAL |
| A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. | |||||
| CVE-2022-48518 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.5 MEDIUM |
| Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance. | |||||
| CVE-2022-46301 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 1.9 LOW |
| Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-46164 | 1 Nodebb | 1 Nodebb | 2024-11-21 | N/A | 9.4 CRITICAL |
| NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit. | |||||
| CVE-2022-45109 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 3.3 LOW |
| Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-39384 | 1 Openzeppelin | 2 Contracts, Contracts Upgradeable | 2024-11-21 | N/A | 5.6 MEDIUM |
| OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible in the scenario described above, breaking the expectation that there is a single execution. Note that upgradeable proxies are commonly initialized together with contract creation, where reentrancy is not feasible, so the impact of this issue is believed to be minor. This issue has been patched, please upgrade to version 4.4.1. As a workaround, avoid untrusted external calls during initialization. | |||||
| CVE-2022-38083 | 1 Intel | 474 Core I5-7640x, Core I5-7640x Firmware, Core I7-3820 and 471 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-37128 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. | |||||
| CVE-2022-36364 | 1 Apache | 1 Apache Calcite Avatica | 2024-11-21 | N/A | 8.8 HIGH |
| Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor. | |||||
| CVE-2022-36061 | 1 Elrond | 1 Elrond Go | 2024-11-21 | N/A | 6.5 MEDIUM |
| Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds. | |||||
| CVE-2022-34153 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | N/A | 8.2 HIGH |
| Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-32231 | 1 Intel | 362 Xeon Bronze 3104, Xeon Bronze 3104 Firmware, Xeon Bronze 3106 and 359 more | 2024-11-21 | N/A | 7.5 HIGH |
| Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||