UBUNTU-CVE-2019-19067

Four memory leaks in the acphwinit function in drivers/gpu/drm/amd/amdgpu/amdgpuacp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service memory consumption by triggering mfdaddhotplugdevices or pmgenpdadddevice failures, aka CID-57be09c6e874. NOTE: third parties dispute...

CVE-2019-14565

Insufficient initialization in IntelR SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access...

CVE-2019-1409

An information disclosure vulnerability exists when the Windows Remote Procedure Call RPC runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'...

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw...

Windows Remote Procedure Call Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows Remote Procedure Call RPC runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an...

EulerOS 2.0 SP3 : icu (EulerOS-SA-2019-2248)

According to the version of the icu packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The collator implementation in i18n/ucol.cpp in International Components for Unicode ICU 52 through SVN revision 293126, as used in Google Chrome befo...

Code injection

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640,...

CVE-2019-2323

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640,...

CVE-2019-2323

CVE-2019-2323 describes a lack of validation of user-passed crypto engine data, which can lead to a bus error in Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Consumer IOT/Industrial IOT, Mobile, Voice & Music, Wearables) across numerous SDM/SDX/SD platforms. Root cause is uninitia...

python: Missing salt initialization in _elementtree.c module

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

Information Disclosure

kernel is vulnerable to Information Disclosure. It can happen because it does not fully initialize structures that are copied to userspace in the function cryptoreportone in crypto/cryptouser.c...

kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c

A flaw was found in the way the fm10k driver in the Linux kernel reacted to memory-related errors during driver initialization. This flaw allows a local attacker to cause a denial of service and crash the system...

kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c

A flaw was found in the way the fm10k driver in the Linux kernel reacted to memory-related errors during driver initialization. This flaw allows a local attacker to cause a denial of service and crash the system...

CVE-2017-15097

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine...

Popup-Maker < 1.8.12 - Multiple Vulnerabilities

An attacker can partially control the arguments of the doaction, during the initialization of the PUMSite . Because of this, an attacker can call any method which contains an action starting from popmake or pum . This will lead to successful execution of functions which do not require arguments...

CVE-2017-9788

It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

CVE-2019-17064

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor...

CVE-2019-17064

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor...

UBUNTU-CVE-2019-17064

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor...

CVE-2019-9320

In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111761624...