15440 matches found
CVE-2026-57053
GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...
CVE-2026-57053
CVE-2026-57053 affects GNU libidn before 1.44, with out-of-bounds reads of uninitialized memory in the ToUnicode APIs due to mishandling in idna_to_unicode_internal; the vulnerable code is not present in libidn2. The CVSSv3.1 base score is 4.0 (Medium), with LOCAL attack vector, HIGH complexity, ...
CVE-2026-56968
GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsas...
openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...
openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...
Moderate: Red Hat Security Advisory: openssl-fips-provider security update
An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...
openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...
GHSA-9CV2-CFXC-V4V2 Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes
Summary Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could crash the process. Nokogiri 1.19.4 checks for missing native data pointers and raises a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first gain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw resides within...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ppp: Fixed the “KMSAN: uninit-value” warning with bpf. Syzbot detected a “KMSAN: uninit-value” warning 1. This issue arises because the ppp driver does not initialize a 2-byte header when using socket filter. The following code c...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: virtio/vsock: Fixed an uninit-value issue in virtiotransportrecvpkt KMSAN reported the following uninit-value access issues: ===================================================== BUG: KMSAN: uninit-value in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: A potential uninit-value access in ip6makeskb has been fixed. Just as it was done in the commit fc1092f51567 „ipv4: Fix uninit-value access in ipmakeskb for IPv4, check FLOWIFLAGKNOWNNH on fl6-flowi6flags. Instead of checki...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg – Zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests that were allocated using sockkmalloc remained uninitialized. This meant that callers had to explicitly set the fields...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mac80211: Only QoS data frames are tracked for admission control. For admission control, it clearly only applies to QoS data frames. Otherwise, we wouldn’t even be able to access the QoS field in the header. Syzbot reported an...
Astra Linux – Vulnerability in Inkscape
Inkscape version 0.91 has a vulnerability where an uninitialized pointer exists, which may allow an attacker to access unauthorized information...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netrom: Check the buffer length before accessing it. Syzkaller reports an issue where an uninit value is read from ax25cmp when sending raw messages through the ieee802154 implementation...
Astra Linux – Vulnerability in binutils
GNU Binutils prior to version 2.34 has a vulnerability related to uninitialized heaps in the function tic4xprintcond file opcodes/tic4x-dis.c. This vulnerability could allow attackers to cause an information leak...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - mm/mempolicy: No longer allows the illegal combination of MPOLFNUMABALANCING and MPOLLOCAL in mbind. - syzbot reported access to uninitialized memory in mbind. The issue arose with the commit bda420b98505 “NUMA balancing:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: hsr: Fixed uninit-value access in fillframeinfo Syzbot reports the following uninit-value access problems. ===================================================== BUG: KMSAN: uninit-value in fillframeinfo net/hsr/hsrforward.c:60...