250 matches found
CVE-2026-54500 Oj: intern.c form_attr has an uninitialized stack read
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...
CVE-2026-53243
A flaw was found in the Linux kernel. An uninitialized stack variable in the rseqexituserupdate function can lead to an information leak. This occurs due to an indeterminate sequencing of expressions during the initialization of the rseqids structure, where ids.nodeid is assigned using an...
UBUNTU-CVE-2026-53243
In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseqexituserupdate There is an bug in which an uninitialized stack variable is used in rseqexituserupdate as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseqsetidsgetcsadd...
Linux Distros Unpatched Vulnerability : CVE-2026-52995
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to ...
CVE-2026-52995
In the Linux kernel, the following vulnerability has been resolved: net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to a per-connection visitor and then copy the full itemlen bytes back to...
CVE-2026-9754
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...
UBUNTU-CVE-2026-9754
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from...
JLSEC-2026-569
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...
PT-2026-49252
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...
CVE-2026-48840
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...
CVE-2026-46132
A flaw was found in the Linux kernel's rtnetlink component. The rtnlfillvfinfo function declares a structure on the stack without full initialization. When processing RTMGETLINK requests with a specific attribute, an unprivileged local process can exploit this to read up to 26 bytes of...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A vulnerability related to uninitialized stack variables has been identified in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. When the size is less than 4, the program calls gstbufferunmap with an...
EUVD-2026-12586
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...
OpenSSH 安全漏洞
OpenSSH OpenBSD Secure Shell is a set of open-source connection tools developed by OpenBSD in Canada for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...
CVE-2026-24798 An Uninitialized stack variable vulnerability in GaijinEntertainment/DagorEngine
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine prog/3rdPartyLibs/miniupnpc modules. This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor20250115...
CVE-2026-24798 An Uninitialized stack variable vulnerability in GaijinEntertainment/DagorEngine
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine prog/3rdPartyLibs/miniupnpc modules. This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor20250115...
CVE-2026-24798
CVE-2026-24798 concerns an improper restriction of operations within the bounds of a memory buffer tied to GaijinEntertainment’s DagorEngine (and related 3rd‑party modules such as miniupnpc). Connected sources indicate affected software/versions include DagorEngine up to dagor_2025_01_15, Cardboa...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001244)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001244 advisory. Incorrect error handling in the setmempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive...
MiracleLinux 7 : qemu-kvm-1.5.3-167.el7 (AXSA:2019-4177:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4177:04 advisory. QEMU: Slirp: information leakage in tcpemu due to uninitialized stack variables CVE-2019-9824 Tenable has extracted the preceding description block directly...