The vulnerability of the __f2fs_setxattr() function in the fs/f2fs/xattr.c file of the Linux file system’s f2fs kernel module allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the f2fs file system in Linux operating systems is related to the use of an uninitialized buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

SUSE CVE-2021-47064

In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76dmatxqueueskbraw, its field skipunmap could potentially inherit a non-zero value from stack garbage. If this happens, it will cause DMA mappings for MCU command...

OESA-2024-1231 stb security update

Single-file public domain libraries for C/C++. Security Fixes: stbimage is a single file MIT licensed library for processing images. When stbisetflipverticallyonload is set to TRUE and reqcomp is set to a number that doesn’t match the real number of components per pixel, the library attempts to...

DEBIAN-CVE-2021-47064

In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76dmatxqueueskbraw, its field skipunmap could potentially inherit a non-zero value from stack garbage. If this happens, it will cause DMA mappings for MCU command...

UBUNTU-CVE-2021-47064

In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76dmatxqueueskbraw, its field skipunmap could potentially inherit a non-zero value from stack garbage. If this happens, it will cause DMA mappings for MCU command...

SUSE CVE-2023-45663

stbimage is a single file MIT licensed library for processing images. The stbigetn function reads a specified number of bytes from context typically a file into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the stbihdrload and stbitgaload functions. An attacker can read a specified number of bytes from context into an uninitialized buffer by manipulating the file stream to point to the end. This is only...

UBUNTU-CVE-2023-45663

stbimage is a single file MIT licensed library for processing images. The stbigetn function reads a specified number of bytes from context typically a file into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not...

CVE-2023-45663

stbimage is a single file MIT licensed library for processing images. The stbigetn function reads a specified number of bytes from context typically a file into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not...

Design/Logic Flaw

stbimage is a single file MIT licensed library for processing images. The stbigetn function reads a specified number of bytes from context typically a file into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not...

CVE-2023-45663

stbimage is a single file MIT licensed library for processing images. The stbigetn function reads a specified number of bytes from context typically a file into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not...

kernel: ipvlan: out-of-bounds write caused by unclear skb->cb

A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb-cb initialization in ipoptionsecho and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalati...

Code injection

Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file...

CVE-2023-3488 Uninitialized variable in Gecko Bootloader can leak secure stack

Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file...

PT-2023-25045 · Silicon · Silicon Labs Gsdk

Name of the Vulnerable Software and Affected Versions: Silicon Labs GSDK versions 4.3.0 and earlier Description: The issue is related to an uninitialized buffer in the GBL parser, which allows an attacker to leak data from the Secure stack by using a malformed GBL file. Recommendations: For Silic...

CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGIBEGINREQUEST record. Sensitive data may be disclos...

PT-2025-18799

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel-infoleak issue has been identified in the Linux kernel, specifically in the nilfs2 file system. The nilfs ioctl wrap copy function, which handles ioctl commands, may copy...

SUSE CVE-2011-1044

The ibuverbspollcq function in drivers/infiniband/core/uverbscmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially fille...

SUSE CVE-2011-1160

The tpmopen function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors...

SUSE CVE-2014-5163

The APN decode functionality in 1 epan/dissectors/packet-gtp.c and 2 epan/dissectors/packet-gsmagm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service application...