Vulnerabilities > Insecure Default Initialization of Resource

DATE CVE VULNERABILITY TITLE RISK
2024-05-21 CVE-2021-47343 Insecure Default Initialization of Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g.
local
low complexity
linux CWE-1188
5.5
2024-02-20 CVE-2024-25610 Insecure Default Initialization of Resource vulnerability in Liferay Digital Experience Platform
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.
network
low complexity
liferay CWE-1188
5.4
2024-02-20 CVE-2024-26267 Insecure Default Initialization of Resource vulnerability in Liferay Portal
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.
network
low complexity
liferay CWE-1188
5.3
2023-10-12 CVE-2023-27516 Insecure Default Initialization of Resource vulnerability in Softether VPN 4.419782/5.01.9674
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674.
local
low complexity
softether CWE-1188
7.8
2023-10-10 CVE-2023-45312 Insecure Default Initialization of Resource vulnerability in Mtproto MT Proto Proxy
In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.
network
low complexity
mtproto CWE-1188
8.8
2023-10-04 CVE-2023-5368 Insecure Default Initialization of Resource vulnerability in Freebsd
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g.
network
low complexity
freebsd CWE-1188
6.5
2023-08-14 CVE-2023-35689 Insecure Default Initialization of Resource vulnerability in Google Android 11.0/13.0
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value.
local
low complexity
google CWE-1188
7.8
2023-06-30 CVE-2023-3485 Insecure Default Initialization of Resource vulnerability in Temporal
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request.
local
high complexity
temporal CWE-1188
3.6
2023-05-24 CVE-2023-33949 Insecure Default Initialization of Resource vulnerability in Liferay Digital Experience Platform and Liferay Portal
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control.
network
low complexity
liferay CWE-1188
7.5
2023-05-19 CVE-2023-1618 Insecure Default Initialization of Resource vulnerability in Mitsubishielectric Melsec Ws0-Geth00200 Firmware
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory.
network
low complexity
mitsubishielectric CWE-1188
8.6