kernel: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by...

kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

A dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition...

CVE-2022-40643

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

SUSE-SU-2025:0131-1 Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059164 fixes several issues. The following security issues were fixed: - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. - CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637. -...

AZL-53672 CVE-2024-50264 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans During loopback communication, a dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition. This issue is resolved ...

(0Day) Ashlar-Vellum Cobalt STP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

Oracle Linux 7 : qemu (ELSA-2021-9638)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9638 advisory. - ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packe...

Amazon Linux 2 : qemu (ALAS-2023-2169)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2169 advisory. An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the...

SUSE CVE-2009-1698

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets CSS attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...

The vulnerability of the bpf_sys_bpf() function in the Linux operating system’s BPF subsystem allows a hacker to gain unauthorized access to protected information.

The vulnerability of the bpfsysbpf function in the Linux kernel’s BPF subsystem stems from the operation of pushing data out of the buffer into memory during pointer initialization. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

CVE-2022-40646

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVE-2022-40643

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

(0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XB...

EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2022-2071)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the aticursordefine routine while...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-2071)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : libslirp (SUSE-SU-2022:1465-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1465-1 advisory. - An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinp...

CVE-2022-21168

The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure...

CVE-2022-21168

Fuji Electric Alpha5 is affected by CVE-2022-21168 due to an invalid pointer initialization in C5V file parsing, enabling information disclosure. The root cause is an uninitialized pointer accessed during parsing, with vulnerability details appearing in multiple sources (NVD entry, ICS advisory, ...

CVE-2022-21168 ICSA-22-090-03 Fuji Electric Alpha5

The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure...