The vulnerability of the sis5595_probe driver in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the sis5595probe handler in the loaded modules of drivers/hwmon/sis5595.ko in the Linux operating system arises due to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to cause a system failure by connecting a device that appears to be LM...

The vulnerability of the lnstat network statistics collection program, related to memory initialization errors, allows a hacker to cause a service failure.

The vulnerability of the lnstat network statistics collection program is related to memory initialization errors. Exploiting this vulnerability can allow an attacker to cause the program to terminate abnormally due to a SIGSEGV signal, caused by attempting to access memory at address 0 after...

The vulnerability in the implementation of the ips_init_phase1 function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability in the implementation of the ipsinitphase1 function, which is called from the ipsinsertdevice handler in the loaded module drivers/scsi/ips.ko of the Linux operating system, stems from a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure...

The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library allows a perpetrator to trigger a service failure.

The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library is related to initialization errors. Exploiting this vulnerability can allow attackers to cause service failures in applications by entering specially crafted data...

The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library allows a perpetrator to trigger a service failure.

The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library is related to initialization errors. Exploiting this vulnerability can allow attackers to cause service failures in applications by entering specially crafted data...

EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-1666)

According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,...

PRODSECBUG-2267: Use of insufficiently random values when generating initialization vector

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

kernel: race condition in snd_seq_write() may lead to UAF or OOB-access

ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...

Microsoft Windows gdiplus Font Parsing Uninitialized Pointer Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Information disclosure

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure an...

CVE-2019-1039

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

Design/Logic Flaw

aareadheader in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables...

Poppler heap buffer overread vulnerability (CNVD-2019-15934)

Poppler is based on xpdf-3.0 code base PDF rendering library. A heap buffer over-read vulnerability exists in JPXStream::init in JPEG2000Stream.cc in Poppler 0.76.1 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service via data with inconsistent height or...

UBUNTU-CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5initcredsstep in lib/krb5/initcredspw.c...

CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5initcredsstep in lib/krb5/initcredspw.c...

Fedora Update for pacemaker FEDORA-2019-b502250ba4

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2018-18979

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

Design/Logic Flaw

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

CVE-2018-18979

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...