Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results from the lack of proper initializatio...

CVE-2024-40854

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination...

CVE-2024-46896

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 "drm/sched: memset 'job' in drmschedjobinit" accessing job-base.sched can produce unexpected results as the initialisation of job-base.sched done in amdgpujoballoc is...

CVE-2024-55916

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP or VSS daemon starts before the VMBus channel's ringbuffer is fully initialized, we can hit the panic below: hvutils: Registering HyperV Utility Drive...

CVE-2024-46896

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 "drm/sched: memset 'job' in drmschedjobinit" accessing job-base.sched can produce unexpected results as the initialisation of job-base.sched done in amdgpujoballoc is...

PT-2025-40065

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The adapter-chan stats array within the mwifiex module is not properly initialized to zero, potentially leading to an information leak. The array is allocated using vmalloc, which does n...

CVE-2024-53221

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fssubmitpagebio There's issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system: KASAN: null-ptr-deref in range 0x0000000000000020-0x0000000000000027 RIP:...

CVE-2024-53221 f2fs: fix null-ptr-deref in f2fs_submit_page_bio()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fssubmitpagebio There's issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system: KASAN: null-ptr-deref in range 0x0000000000000020-0x0000000000000027 RIP:...

CVE-2024-12289

Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...

CVE-2024-54129 Improper Initialization of `imc` Scheme Leading to `SIGABRT` in ION-DTN BPv7

The NASA’s Interplanetary Overlay Network ION is an implementation of Delay/Disruption Tolerant Networking DTN. A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part SSP...

CVE-2024-8842

PDF-XChange Editor is affected by CVE-2024-8842 due to an uninitialized memory access in the RTF file parsing path, enabling potential remote code execution. The flaw is triggered when a user opens a malicious RTF file or visits a page hosting exploit code, with the attacker gaining code executio...

PT-2024-21006 · Intel +1 · Intel Killer Wi-Fi +2

Name of the Vulnerable Software and Affected Versions: IntelR PROSet/Wireless Software and IntelR KillerTM Wi-Fi versions prior to 23.40 Description: The issue is related to improper initialization in firmware, which may allow a privileged user to potentially enable information disclosure via loc...

kernel: block: fix request.queuelist usage in flush

A vulnerability was found in the Linux kernel's block subsystem, where the issue arises when the request queue list is not properly initialized for the first request in the PREFLUSH/POSTFLUSH sequences, leading to potential kernel crashes due to improper list manipulation...

CVE-2024-42018

An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration...

About the security content of macOS Sequoia 15

About the security content of macOS Sequoia 15 This document describes the security content of macOS Sequoia 15. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVE-2022-48876

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx-link and rx-linksta There are some codepaths that do not initialize rx-linksta properly. This causes a crash in places which assume that rx-linksta is valid if rx-sta is valid. One known...

CVE-2024-40931

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snduna is properly initialized on connect This is strictly related to commit fb7a0d334894 "mptcp: ensure sndnxt is properly initialized on connect". It turns out that syzkaller can trigger the retransmit after...

CVE-2024-40931

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snduna is properly initialized on connect This is strictly related to commit fb7a0d334894 "mptcp: ensure sndnxt is properly initialized on connect". It turns out that syzkaller can trigger the retransmit after...

PT-2024-30693

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns handling an invalid decoder vsi in the vpu dec init function to ensure the decoder vsi is valid for future use. This is related to the media: mediatek: vcodec componen...

kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...