Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF006. These vulnerabilities have been also adressed in 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2018-5711 DESCRIPTION: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP...

Delta Electronics CNCSoft-G2

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-G2 Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Heap-Based Buffer Overflow, Out-of-bounds Read, Use of Uninitialized Variable 2. RISK EVALUATION...

Tinyproxy HTTP request parsing uninitialized memory vulnerability

Talos Vulnerability Report TALOS-2023-1902 Tinyproxy HTTP request parsing uninitialized memory vulnerability May 1, 2024 CVE Number CVE-2023-40533 SUMMARY An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially craft...

Apple DCERPC allocation hint uninitialized memory disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1675 Apple DCERPC allocation hint uninitialized memory disclosure vulnerability July 13, 2023 CVE Number None SUMMARY An information disclosure vulnerability exists in the call fault reporting functionality of DCERPC library as used in Apple macOS 12.6.1 that...

VMware DCERPC call request uninitialized memory heap overflow vulnerability

Talos Vulnerability Report TALOS-2023-1801 VMware DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-20892 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in VMware vCenter Server...

SecurePoint UTM 12.x Memory Leak Vulnerability

ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Score: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N...

Texas Instruments CC3200 SimpleLink Solution HTTP Server /ping.html information disclosure vulnerability

Summary An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability...

AlmaLinux 8 : wavpack (ALSA-2020:1581)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:1581 advisory. - The function WavpackPackInit in packutils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service resource exhaustion...

EulerOS 2.0 SP2 : php (EulerOS-SA-2021-2423)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x belo...

Microsoft Azure Sphere mqueue inode initialization kernel code execution vulnerability

Summary A code execution vulnerability exists in the mqueue inode initialization functionality of Microsoft Azure Sphere 21.01. A specially crafted set of syscalls can lead to uninitialized kernel read, which in turn leads to code execution in kernel. To trigger this vulnerability, an attacker ca...

EulerOS 2.0 SP8 : wavpack (EulerOS-SA-2019-2095)

According to the versions of the wavpack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults...

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

Design/Logic Flaw

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

Design/Logic Flaw

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...

CVE-2019-1010317

CVE-2019-1010317 affects WavPack 5.1.0 and earlier. Root cause: use of an uninitialized variable in ParseCaffHeaderConfig (caff.c:486). Attack: malformed WAV files could trigger unexpected control flow, crashes or segfaults (DoS). Fixed version released after commit f68a9555b548306c5b1ee45199ccdc...

CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...