SUSE CVE-2016-4486

The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

SUSE CVE-2017-12911

The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file...

SUSE CVE-2017-14156

The atyfbioctl function in drivers/video/fbdev/aty/atyfbbase.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes...

SUSE CVE-2017-18550

An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aacgethbainfo does not initialize the hbainfo structure...

SUSE CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LDLIBRARYPATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...

SUSE CVE-2018-20022

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak...

SUSE CVE-2018-20023

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memor...

SUSE CVE-2018-20855

An issue was discovered in the Linux kernel before 4.18.7. In createqpcommon in drivers/infiniband/hw/mlx5/qp.c, mlx5ibcreateqpresp was never initialized, resulting in a leak of stack memory to userspace...

SUSE CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

SUSE CVE-2019-15681

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak CWE-655 in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. Thi...

SUSE CVE-2021-29623

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying...

SUSE CVE-2022-41837

An out-of-bounds write vulnerability exists in the OpenImageIO::addexifitemtospec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2022:4146-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4146-1 advisory. The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcppfile.h...

openSUSE 15 Security Update : v4l2loopback (openSUSE-SU-2022:10160-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10160-1 advisory. - Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility fo...

UBUNTU-CVE-2022-2308

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize t...

CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

Design/Logic Flaw

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...