UBUNTU-CVE-2023-52763

In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DATdata. The i3cmasterbusinit function may attach the I2C devices before the I3C bus initialization. In this flow, the DAT allocentry will be used before the DAT init...

Intel Power Gadget 安全漏洞

Intel Power Gadget is a software-based power consumption monitoring tool for Intel Core processors from Intel Corporation USA. A security vulnerability exists in Intel Power Gadget that stems from an improper initialization issue. It could allow an authenticated user to conduct a denial of servic...

CVE-2024-26897 wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: delay all of ath9kwmieventtasklet until init is complete The ath9kwmieventtasklet used in ath9khtc assumes that all the data structures have been fully initialised by the time it runs. However, because of the order i...

SUSE CVE-2024-28084

p2putil.c in iNet wireless daemon IWD through 2.15 allows attackers to cause a denial of service daemon crash or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails...

DEBIAN-CVE-2021-47077

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add pointer checks in qedfupdatelinkspeed The following trace was observed: 14.042059 Call Trace: 14.042061 14.042068 qedflinkupdate+0x144/0x1f0 qedf 14.042117 qedlinkupdate+0x5c/0x80 qed 14.042135...

CVE-2024-26614 tcp: make sure init the accept_queue's spinlocks once

In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...

Mozilla: Use-after-free in <code>nsDNSService</code>

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...

PT-2023-31489 · Trimble · Trimble Sketchup Viewer

Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this issue, where...

PT-2023-29364 · Galleon · Galeon

Name of the Vulnerable Software and Affected Versions: Galleon affected versions not specified Description: An improper initialization issue was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This could allow an attacker to acces...

Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

PT-2023-18452 · Intel · Intel Nuc Bios Firmware

Name of the Vulnerable Software and Affected Versions: IntelR NUC BIOS firmware affected versions not specified Description: The issue is related to improper initialization in the IntelR NUC BIOS firmware, which may allow a privileged user to potentially enable information disclosure via local...

CVE-2023-26136

A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

Qualcomm Chipsets 代码问题漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption issue that occurs when the API for calling the instance ID differs from the instance ID received in initialization...

Code injection

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

OPENSUSE-SU-2023:0111-1 Security update for qt6-svg

This update for qt6-svg fixes the following issues: - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont munitsPerEm boo1211298...

PT-2025-25984 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the vdpa sim blk device, where two new fields nas, ngroups were added to vdpasim dev attr but not...

PT-2025-18620 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A warning in the ip6 route net exit late function has been fixed. During the initialization of ip6 route net init late, if the ipv6 route or rt6 stats file fails to be created, the...

CVE-2023-27934

A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution...

USN-5994-1 haproxy vulnerability

It was discovered that HAProxy incorrectly initialized certain connection buffers. A remote attacker could possibly use this issue to obtain sensitive information...

CVE-2022-28319

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...