Lucene search
+L

1549 matches found

OSV
OSV
added 2017/04/09 12:0 a.m.4 views

UBUNTU-CVE-2017-7593

tifread.c in LibTIFF 4.0.7 does not ensure that tifrawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image...

5.5CVSS6.8AI score0.02117EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/11/03 8:8 a.m.5 views

kernel: Information leak in events in timer.c

A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user withou...

5.5CVSS7.1AI score0.01202EPSS
Exploits5References4
OSV
OSV
added 2016/10/30 10:59 p.m.2 views

DEBIAN-CVE-2016-9113

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-comps0.data is not assigned a value after initializationNULL. Impact is Denial of Service...

7.5CVSS6.9AI score0.0305EPSS
Exploits1References1
CNVD
CNVD
added 2016/10/12 12:0 a.m.4 views

Android Qualcomm QDSP6v2 Driver Information Disclosure Vulnerability (CNVD-2016-09038)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA.Qualcomm QDSP6v2 driver is one of the Qualcomm digital signal processor drivers. An information disclosure vulnerability exists in the drivers/misc/qcom/qdsp6v2/audioutils.c file in...

5.5CVSS6.1AI score0.00577EPSS
Exploits0References1
OSV
OSV
added 2016/10/10 10:59 a.m.2 views

CVE-2016-6681

drivers/misc/qcom/qdsp6v2/audioutils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug...

5.5CVSS5.8AI score0.00577EPSS
Exploits0References3
OSV
OSV
added 2016/10/10 10:59 a.m.5 views

UBUNTU-CVE-2015-8950

arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dmammap call...

5.5CVSS6.7AI score0.01457EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2016/08/31 12:0 a.m.11 views

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the ethtoolgetwol function in the net/core/ethtool.c file of Linux kernels up to version 4.7 in the Android operating system is related to the absence of initialization of the data structure. Exploiting this vulnerability could allow a remote attacker to obtain confidential...

6.5CVSS6.6AI score0.00519EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2016/08/10 10:47 a.m.3 views

USN-3054-1 linux-lts-xenial vulnerabilities

Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges. CVE-2016-3135 It was...

7.8CVSS7.1AI score0.01009EPSS
Exploits2References5
OSV
OSV
added 2016/08/10 10:1 a.m.3 views

USN-3052-1 linux vulnerabilities

It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service system crash. CVE-2016-4470 Kangjie Lu discovered an...

5.5CVSS6.7AI score0.00582EPSS
Exploits0References3
OSV
OSV
added 2016/07/11 1:59 a.m.7 views

CVE-2016-3743

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 27907656...

9.8CVSS6.1AI score0.01075EPSS
Exploits0References2
OSV
OSV
added 2016/07/11 1:59 a.m.5 views

UBUNTU-CVE-2016-3743

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 27907656...

9.8CVSS7.7AI score0.01075EPSS
Exploits0References3
OSV
OSV
added 2016/05/23 10:59 a.m.4 views

DEBIAN-CVE-2016-4486

The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

3.3CVSS7.3AI score0.0171EPSS
Exploits4References1
OSV
OSV
added 2016/05/23 10:59 a.m.4 views

DEBIAN-CVE-2016-4485

The llccmsgrcv function in net/llc/afllc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message...

7.5CVSS7.4AI score0.04671EPSS
Exploits0References1
OSV
OSV
added 2016/05/23 12:0 a.m.3 views

UBUNTU-CVE-2016-4578

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the 1 sndtimeruserccallback and 2 sndtimerusertinterrupt...

5.5CVSS6.7AI score0.01202EPSS
Exploits5References17
OSV
OSV
added 2016/05/23 12:0 a.m.5 views

UBUNTU-CVE-2016-4569

The sndtimeruserparams function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface...

5.5CVSS6.7AI score0.00835EPSS
Exploits0References18
OSV
OSV
added 2016/05/23 12:0 a.m.4 views

UBUNTU-CVE-2016-4486

The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

3.3CVSS6.7AI score0.0171EPSS
Exploits4References16
OSV
OSV
added 2016/05/23 12:0 a.m.2 views

UBUNTU-CVE-2016-4580

The x25negotiatefacilities function in net/x25/x25facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request...

7.5CVSS7AI score0.04178EPSS
Exploits0References17
OSV
OSV
added 2016/05/09 10:59 a.m.5 views

UBUNTU-CVE-2016-2459

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and...

5.5CVSS6.4AI score0.00414EPSS
Exploits0References4
OSV
OSV
added 2016/04/18 12:0 a.m.1 views

UBUNTU-CVE-2016-1654

The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service invalid read operation via unknown vectors...

6.5CVSS7AI score0.01201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2016/02/07 12:0 a.m.5 views

PT-2018-12655

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.7alpha Description An issue was discovered in the chmd.c file of libmspack, where an off-by-one error in the CHM PMGI/PMGL chunk number validity checks could lead to denial of service. This occurs due to an...

8.8CVSS8.1AI score0.04878EPSS
Exploits7References158
Rows per page
Query Builder