CVE-2022-29968

CVE-2022-29968 affects the Linux kernel up to version 5.17.5, where io_rw_init_file in fs/io_uring.c fails to initialize kiocb->private. This can lead to kernel memory leakage or exposure as described in connected advisories (e.g., CNVD/Ubuntu notes). A patch/remediation is not explicitly deta...

CVE-2022-29968

An issue was discovered in the Linux kernel through 5.17.5. iorwinitfile in fs/iouring.c lacks initialization of kiocb-private...

SUSE SLES15 Security Update : libslirp (SUSE-SU-2022:1465-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1465-1 advisory. - An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinp...

Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

`array!` macro is unsound when its length is impure constant

Affected versions of this crate did substitute the array length provided by an user at compile-time multiple times. When an impure constant expression is passed as an array length such as a result of an impure procedural macro, this can result in the initialization of an array with uninitialized...

Apache Doris hardcoded key and IV

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

GHSA-98J2-HFXP-8H8R Apache Doris hardcoded key and IV

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

Patch Management: HCL BigFix Computer Info Initialization

Binary data hclbigfixinitinfo.nbin...

The vulnerability of the routing protocol demon on the Junos operating system, which allows a attacker to cause a service failure

The vulnerability of the routing protocol demon on the Junos operating system is related to improper initialization. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

Important: python-pillow

Issue Overview: A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or...

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

Exploit for SQL Injection in Djangoproject Django

CVE-2022-28346 Django QuerySet.annotate, aggregate, extr...

cloud-init bug fix and enhancement update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...

USN-5390-1: Linux kernel vulnerabilities

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 David Bouman discovered that the netfilter subsystem in t...

Apache Doris 信任管理问题漏洞

Apache Doris is a modern MPP analytics database product from the Apache Foundation, USA. An information disclosure vulnerability exists in versions of Apache Doris prior to 1.0.0, which stems from the use of hard-coded keys and IVs to initialize the cipher used for ldap passwords. An attacker cou...

Unbreakable Enterprise kernel security update

4.14.35-2047.512.6 - Revert 'rds/ib: recover rds connection from stuck rx path' Rohit Nair Orabug: 34039271 - uek-rpm: update kABI lists for new symbols Saeed Mirzamohammadi Orabug: 33993774 4.14.35-2047.512.5 - netfilter: nftables: initialize registers in nftdochain Pablo Neira Ayuso Orabug:...

GSD-2022-1002501 scsi: pm8001: Fix abort all task initialization

scsi: pm8001: Fix abort all task initialization This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.311 by commit...

GSD-2022-1002438 scsi: pm8001: Fix abort all task initialization

scsi: pm8001: Fix abort all task initialization This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.276 by commit...

GSD-2022-1002382 netfilter: nf_tables: initialize registers in nft_do_chain()

netfilter: nftables: initialize registers in nftdochain This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.237 by commit...