Vulnerabilities (CVE)

Filtered by CWE-665
Total 290 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-46301 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-02-28 N/A 4.4 MEDIUM
Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-45085 1 Softiron 1 Hypercloud 2024-02-28 N/A 3.3 LOW
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.
CVE-2022-46487 1 Scontain 1 Scone 2024-02-28 N/A 7.8 HIGH
Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.
CVE-2022-45109 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-02-28 N/A 5.5 MEDIUM
Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-49062 1 Facebook 1 Katran 2024-02-28 N/A 7.5 HIGH
Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f
CVE-2023-27306 1 Intel 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more 2024-02-28 N/A 5.5 MEDIUM
Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-35342 1 Gnu 1 Binutils 2024-02-28 N/A 7.5 HIGH
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
CVE-2022-38083 1 Intel 474 Core I5-7640x, Core I5-7640x Firmware, Core I7-3820 and 471 more 2024-02-28 N/A 4.4 MEDIUM
Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-1719 1 Bitrix24 1 Bitrix24 2024-02-28 N/A 9.8 CRITICAL
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.
CVE-2023-22356 1 Intel 422 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 419 more 2024-02-28 N/A 4.4 MEDIUM
Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-20594 1 Amd 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more 2024-02-28 N/A 4.4 MEDIUM
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVE-2023-27887 1 Intel 48 Nuc 11 Pro Board Nuc11tnbi3, Nuc 11 Pro Board Nuc11tnbi30z, Nuc 11 Pro Board Nuc11tnbi30z Firmware and 45 more 2024-02-28 N/A 4.4 MEDIUM
Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-20597 1 Amd 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more 2024-02-28 N/A 5.5 MEDIUM
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVE-2023-22444 1 Intel 222 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 219 more 2024-02-28 N/A 4.4 MEDIUM
Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-5370 1 Freebsd 1 Freebsd 2024-02-28 N/A 5.5 MEDIUM
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.
CVE-2023-40349 1 Jenkins 1 Gogs 2024-02-28 N/A 5.3 MEDIUM
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.
CVE-2023-37479 1 Openenclave 1 Openenclave 2024-02-28 N/A 7.5 HIGH
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the `MXCSR` register on enclave entry. This makes applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks, where incorrect `MXCSR` values can impact instruction retirement by at most one cycle, depending on the (secret) data operand value. Please find more details in the guidance from Intel in the references. Second, Open Enclave SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry. This opens up the possibility for a side-channel attacker to be notified for every unaligned memory access performed by the enclave. The issue has been addressed in version 0.19.3 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. There are no known workarounds for this vulnerability.
CVE-2023-31926 1 Broadcom 1 Brocade Fabric Operating System 2024-02-28 N/A 7.1 HIGH
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
CVE-2023-25010 1 Autodesk 1 Maya Usd 2024-02-28 N/A 7.8 HIGH
A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.
CVE-2022-48518 1 Huawei 2 Emui, Harmonyos 2024-02-28 N/A 5.5 MEDIUM
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.