EUVD-2018-18236

Malware in sbrugna...

UBUNTU-CVE-2025-38006

In the Linux kernel, the following vulnerability has been resolved: net: mctp: Don't access ifaindex when missing In mctpdumpaddrinfo, ifaindex can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise it will be comparing to uninitialised memory - reproducible i...

Linux Distros Unpatched Vulnerability : CVE-2024-27431

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdprxqinfo struct before running XDP program When running an XDP...

UBUNTU-CVE-2025-21709

In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dupmmap failures and uprobe registering If a memory allocation fails during dupmmap, the maple tree can be left in an unsafe state for other iterators besides the exit path. All the locks are dropped...

CVE-2024-11403

A flaw was found in the libjxl package. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression, such as using JxlEncoderAddJPEGFrame on untrusted input, does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli,...

CVE-2024-11403

There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression i.e. if using JxlEncoderAddJPEGFrame on untrusted input does not properly check bounds in the presence o...

CVE-2024-11403 Out of Bounds Memory Read/Write in libjxl

There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression i.e. if using JxlEncoderAddJPEGFrame on untrusted input does not properly check bounds in the presence o...

CVE-2024-26807 spi: cadence-qspi: fix pointer reference in runtime PM hooks

In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi -runtimesuspend and -runtimeresume implementations start with: struct cqspist cqspi = devgetdrvdatadev; struct spicontroller host = devgetdrvdatadev; This obviously cannot be correct, unless "struct cqspist" ...

CVE-2024-26807

In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi -runtimesuspend and -runtimeresume implementations start with: struct cqspist cqspi = devgetdrvdatadev; struct spicontroller host = devgetdrvdatadev; This obviously cannot be correct, unless "struct cqspist" ...

CVE-2024-26807

In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi -runtimesuspend and -runtimeresume implementations start with: struct cqspist cqspi = devgetdrvdatadev; struct spicontroller host = devgetdrvdatadev; This obviously cannot be correct, unless "struct cqspist" ...

FreeBSD : h2o -- uninitialised memory access in HTTP3 (1d3677a8-9143-42d8-84a3-0585644dff4b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1d3677a8-9143-42d8-84a3-0585644dff4b advisory. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access...

Information Disclosure

pdns is vulnerable to information disclosure. The vulnerability exists as crafted zone records can leak uninitialised memory...

Denial Of Service (DoS) Through Uninitialized Memory Exposure

concat-with-sourcemaps is vulnerable to denial of service DoS through uninitialised memory exposure. The attacker can launch the attack if a large number is used to set as a separator...

Information Disclosure

concat-stream is vulnerable to information disclosure. A malicious user can pass a number to the stringConcat function to cause it to print out uninitialised memory in the stream...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-431)

This update for java-170-openjdk fixes the following issues : java-170-openjdk was updated to 2.6.5 - OpenJDK 7u99 boo972468 - Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency - Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX...

information leak via gnttab_setup_table on ARM

ISSUE DESCRIPTION When initialising an internal data structure on ARM platform Xen was not correctly initialising the memory containing the list of a domain's grant table pages. This list is returned by the GNTTABOPsetuptable subhypercall, leading to an information leak. IMPACT Malicious guest...

Debian DSA-2548-1 : tor - several vulnerabilities

Several vulnerabilities have been discovered in Tor, an online privacy tool. - CVE-2012-3518 Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote crash, resulting in denial of service. - CVE-2012-3519 Try t...

Secunia Research: Adobe Reader JPEG Uninitialised Memory Vulnerability

====================================================================== Secunia Research 30/06/2010 - Adobe Reader JPEG Uninitialised Memory Vulnerability - ====================================================================== Table of Contents Affected...

Opera 10.x Content Writing Uninitialised Memory Vulnerability

A vulnerability has been discovered in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when e.g. continuously writing content to a page using document.write and results in a function call using uninitialised memory when ...

kernel: tc: uninitialised kernel memory leak

The tcfilltclass function in net/sched/schapi.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain 1 tcmpad1 and 2 tcmpad2 structure members, which might allow local users to obtain sensitive information from kernel memory via...