1549 matches found
UBUNTU-CVE-2017-7593
tifread.c in LibTIFF 4.0.7 does not ensure that tifrawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image...
kernel: Information leak in events in timer.c
A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user withou...
DEBIAN-CVE-2016-9113
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-comps0.data is not assigned a value after initializationNULL. Impact is Denial of Service...
Android Qualcomm QDSP6v2 Driver Information Disclosure Vulnerability (CNVD-2016-09038)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA.Qualcomm QDSP6v2 driver is one of the Qualcomm digital signal processor drivers. An information disclosure vulnerability exists in the drivers/misc/qcom/qdsp6v2/audioutils.c file in...
CVE-2016-6681
drivers/misc/qcom/qdsp6v2/audioutils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug...
UBUNTU-CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dmammap call...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information
The vulnerability of the ethtoolgetwol function in the net/core/ethtool.c file of Linux kernels up to version 4.7 in the Android operating system is related to the absence of initialization of the data structure. Exploiting this vulnerability could allow a remote attacker to obtain confidential...
USN-3054-1 linux-lts-xenial vulnerabilities
Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges. CVE-2016-3135 It was...
USN-3052-1 linux vulnerabilities
It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service system crash. CVE-2016-4470 Kangjie Lu discovered an...
CVE-2016-3743
decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 27907656...
UBUNTU-CVE-2016-3743
decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 27907656...
DEBIAN-CVE-2016-4486
The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...
DEBIAN-CVE-2016-4485
The llccmsgrcv function in net/llc/afllc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message...
UBUNTU-CVE-2016-4578
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the 1 sndtimeruserccallback and 2 sndtimerusertinterrupt...
UBUNTU-CVE-2016-4569
The sndtimeruserparams function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface...
UBUNTU-CVE-2016-4486
The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...
UBUNTU-CVE-2016-4580
The x25negotiatefacilities function in net/x25/x25facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request...
UBUNTU-CVE-2016-2459
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and...
UBUNTU-CVE-2016-1654
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service invalid read operation via unknown vectors...
PT-2018-12655
Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.7alpha Description An issue was discovered in the chmd.c file of libmspack, where an off-by-one error in the CHM PMGI/PMGL chunk number validity checks could lead to denial of service. This occurs due to an...