Search
Total
215 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0847 | 7 Fedoraproject, Linux, Netapp and 4 more | 39 Fedora, Linux Kernel, H300e and 36 more | 2024-01-12 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. | |||||
| CVE-2022-46487 | 1 Scontain | 1 Scone | 2024-01-05 | N/A | 7.8 HIGH |
| Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. | |||||
| CVE-2020-1592 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-31 | 2.1 LOW | 4.4 MEDIUM |
| <p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.</p> | |||||
| CVE-2020-16901 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-31 | 2.1 LOW | 5.0 MEDIUM |
| <p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.</p> | |||||
| CVE-2021-1661 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-45085 | 1 Softiron | 1 Hypercloud | 2023-12-12 | N/A | 3.3 LOW |
| An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3. | |||||
| CVE-2020-5529 | 4 Apache, Canonical, Debian and 1 more | 4 Camel, Ubuntu Linux, Debian Linux and 1 more | 2023-12-07 | 6.8 MEDIUM | 8.1 HIGH |
| HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application. | |||||
| CVE-2023-49062 | 1 Facebook | 1 Katran | 2023-12-04 | N/A | 7.5 HIGH |
| Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f | |||||
| CVE-2023-27306 | 1 Intel | 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more | 2023-11-30 | N/A | 5.5 MEDIUM |
| Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-5370 | 1 Freebsd | 1 Freebsd | 2023-11-24 | N/A | 5.5 MEDIUM |
| On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0. | |||||
| CVE-2023-28737 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 7.8 HIGH |
| Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-46301 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 4.4 MEDIUM |
| Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-45109 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-1719 | 1 Bitrix24 | 1 Bitrix24 | 2023-11-09 | N/A | 9.8 CRITICAL |
| Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables. | |||||
| CVE-2020-35342 | 1 Gnu | 1 Binutils | 2023-08-25 | N/A | 7.5 HIGH |
| GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. | |||||
| CVE-2023-40349 | 1 Jenkins | 1 Gogs | 2023-08-18 | N/A | 5.3 MEDIUM |
| Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. | |||||
| CVE-2023-22444 | 1 Intel | 222 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 219 more | 2023-08-18 | N/A | 4.4 MEDIUM |
| Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-27887 | 1 Intel | 48 Nuc 11 Pro Board Nuc11tnbi3, Nuc 11 Pro Board Nuc11tnbi30z, Nuc 11 Pro Board Nuc11tnbi30z Firmware and 45 more | 2023-08-18 | N/A | 4.4 MEDIUM |
| Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-38083 | 1 Intel | 474 Core I5-7640x, Core I5-7640x Firmware, Core I7-3820 and 471 more | 2023-08-17 | N/A | 4.4 MEDIUM |
| Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-22356 | 1 Intel | 422 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 419 more | 2023-08-17 | N/A | 4.4 MEDIUM |
| Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-46505 | 1 Matrixssl | 1 Matrixssl | 2023-08-08 | N/A | 7.5 HIGH |
| An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. | |||||
| CVE-2022-2620 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2023-08-08 | N/A | 8.8 HIGH |
| Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2023-31926 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-08-07 | N/A | 7.1 HIGH |
| System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
| CVE-2023-3242 | 1 Br-automation | 1 Automation Runtime | 2023-08-04 | N/A | 5.9 MEDIUM |
| Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions.This issue affects B&R Automation Runtime: <G4.93. | |||||
| CVE-2023-37479 | 1 Openenclave | 1 Openenclave | 2023-07-28 | N/A | 7.5 HIGH |
| Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the `MXCSR` register on enclave entry. This makes applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks, where incorrect `MXCSR` values can impact instruction retirement by at most one cycle, depending on the (secret) data operand value. Please find more details in the guidance from Intel in the references. Second, Open Enclave SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry. This opens up the possibility for a side-channel attacker to be notified for every unaligned memory access performed by the enclave. The issue has been addressed in version 0.19.3 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-27934 | 1 Apple | 1 Macos | 2023-07-27 | N/A | 8.8 HIGH |
| A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2021-39636 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-120612905References: Upstream kernel | |||||
| CVE-2021-0423 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05385714. | |||||
| CVE-2021-1820 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. | |||||
| CVE-2022-1122 | 3 Debian, Fedoraproject, Uclouvain | 3 Debian Linux, Fedora, Openjpeg | 2022-06-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. | |||||
| CVE-2021-20317 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-06-14 | 4.9 MEDIUM | 4.4 MEDIUM |
| A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. | |||||
| CVE-2017-14159 | 2 Openldap, Oracle | 2 Openldap, Blockchain Platform | 2022-06-13 | 1.9 LOW | 4.7 MEDIUM |
| slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | |||||
| CVE-2022-29695 | 1 Unicorn-engine | 1 Unicorn Engine | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. | |||||
| CVE-2022-26721 | 1 Apple | 2 Mac Os X, Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. | |||||
| CVE-2022-26722 | 1 Apple | 2 Mac Os X, Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-28688 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-05-27 | 2.1 LOW | 6.5 MEDIUM |
| The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. | |||||
| CVE-2022-21724 | 4 Debian, Fedoraproject, Postgresql and 1 more | 4 Debian Linux, Fedora, Postgresql Jdbc Driver and 1 more | 2022-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2021-30962 | 1 Apple | 2 Macos, Tvos | 2022-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. | |||||
| CVE-2018-0926 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901. | |||||
| CVE-2018-0895 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | |||||
| CVE-2018-0897 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | |||||
| CVE-2018-0901 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926. | |||||
| CVE-2018-0811 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | |||||
| CVE-2018-0813 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926. | |||||
| CVE-2018-0814 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926. | |||||
| CVE-2022-0947 | 1 Abb | 48 Arc600a2323na, Arc600a2323na Firmware, Arc600a2324na and 45 more | 2022-05-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration. | |||||
| CVE-2021-26353 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2022-05-18 | 7.2 HIGH | 7.8 HIGH |
| Due to a mishandled error, it is possible to leave the DRTM UApp in a partially initialized state, which can result in unchecked memory writes when the UApp handles subsequent mailbox commands. | |||||
| CVE-2022-22719 | 3 Apache, Debian, Fedoraproject | 3 Http Server, Debian Linux, Fedora | 2022-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | |||||
| CVE-2022-20731 | 1 Cisco | 3 Catalyst Digital Building Series Switches, Catalyst Digital Building Series Switches Firmware, Ios Rommon | 2022-05-16 | 7.2 HIGH | 6.8 MEDIUM |
| Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-22815 | 2 Debian, Python | 2 Debian Linux, Pillow | 2022-05-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | |||||