CVE-2025-37961 ipvs: fix uninit-value for saddr in do_output_route4

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in dooutputroute4 syzbot reports for uninit-value for the saddr argument 1. commit 4754957f04f5 "ipvs: do not use random local source address for tunnels" already implies that the input value of...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21996)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21996 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue...

CVE-2022-49865

In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a struct ifaddrlblmsg to the network, ifalreserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak...

The vulnerability of the PSDInput::read_native_scanline() function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library allows a malicious actor to access protected information or cause a service failure.

The vulnerability of the PSDInput::readnativescanline function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library is related to the use of an uninitialized variable. Exploiting this vulnerability could allow a malicious actor to gain access to protected information or cause...

CVE-2025-21996

The CVE-2025-21996 entry concerns the Linux kernel, specifically drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse(). The root cause is that, when a user-space command stream via ioctl to radeon_vce_cs_parse() begins with an encode (case 0x03000001), the function may call radeon_vce...

CVE-2025-21996 drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeonvcecsparse On the off chance that command stream passed from userspace via ioctl call to radeonvcecsparse is weirdly crafted and first command to execute is to encode case...

CVE-2025-2720

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data...

CVE-2025-2720

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data...

CVE-2025-2720

The CVE-2025-2720 entry has technical detail in a connected document: it describes a vulnerability in GNOME libgsf affecting the gsf_base64_encode_simple function. The issue arises from local-access exploitation where manipulating the size argument can cause use of an uninitialized variable. Reme...

CVE-2025-2720

...

CVE-2025-2720

Removed by vendor...

Autodesk 2025 < 2025.1.2 Multiple Vulnerabilities (AutoCAD) (adsk-sa-2025-0001)

The 2025 version of Autodesk AutoCAD installed on the remote Windows host is a version prior to 2025.1.2. It is, therefore, affected by multiple vulnerabilities: - A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A...

Autodesk AutoCAD CATProduct File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Siemens SIMATIC S7-1500 TM MFP Use of Uninitialized Variable (CVE-2024-42161)

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPFCOREREADBITFIELD. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'...

CVE-2025-1427

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-2014

Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

CVE-2025-1649

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-1650

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-1650

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-1649

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...