238 matches found

Debian CVE
added 5 days ago, 7 views

CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

CVSS 5.3 | AI score 5.8 | EPSS 0.00027
Exploits 0

RedhatCVE
added last week, 6 views

CVE-2026-46132

A flaw was found in the Linux kernel's rtnetlink component. The rtnl_fill_vfinfo function declares a structure on the stack without full initialization. When processing RTM_GETLINK requests with a specific attribute, an unprivileged local process can exploit this to read up to 26 bytes of...

CVSS 7 | AI score 5.8 | EPSS 0.00032
Exploits 0 | References 4

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A vulnerability related to uninitialized stack variables has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When the size is less than 4, the program calls gst_buffer_unmap with an...

CVSS 9.8 | AI score 7.5 | EPSS 0.01306
Exploits 0 | References 2

EUVD
added 2026/03/17 6:30 p.m., 1 view

EUVD-2026-12586

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

CVSS 7.1 | AI score 5.8 | EPSS 0.00058
Exploits 0 | References 2

CNNVD
added 2026/03/12 12:0 a.m., 2 views

OpenSSH security vulnerability

OpenSSH (OpenBSD Secure Shell) is a set of open-source connection tools developed by OpenBSD in Canada for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...

CVSS 6.9 | AI score 7.2 | EPSS 0.00061
Exploits 0 | References 4

CVE
added 2026/01/27 8:27 a.m., 9 views

CVE-2026-24798

CVE-2026-24798 concerns an improper restriction of operations within the bounds of a memory buffer tied to GaijinEntertainment’s DagorEngine (and related 3rd‑party modules such as miniupnpc). Connected sources indicate affected software/versions include DagorEngine up to dagor_2025_01_15, Cardboa...

CVSS 9.3 | AI score 5.9 | EPSS 0.00082
Exploits 0 | References 1

Cvelist
added 2026/01/27 8:27 a.m., 36 views

CVE-2026-24798 An Uninitialized stack variable vulnerability in GaijinEntertainment/DagorEngine

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine prog/3rdPartyLibs/miniupnpc modules. This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor_2025_01_15...

CVSS 9.3 | EPSS 0.00082
Exploits 0 | References 1

Vulnrichment
added 2026/01/27 8:27 a.m., 3 views

CVE-2026-24798 An Uninitialized stack variable vulnerability in GaijinEntertainment/DagorEngine

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine prog/3rdPartyLibs/miniupnpc modules. This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor_2025_01_15...

CVSS 9.3 | AI score 5.9 | EPSS 0.00082
Exploits 0 | References 1

Tenable Nessus
added 2026/01/16 12:0 a.m., 0 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001244 advisory. Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive...

CVSS 5.5 | AI score 6.4 | EPSS 0.00053
Exploits 0 | References 11

Tenable Nessus
added 2026/01/16 12:0 a.m., 1 view

MiracleLinux 7 : qemu-kvm-1.5.3-167.el7 (AXSA:2019-4177:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4177:04 advisory. QEMU: Slirp: information leakage in tcp_emu due to uninitialized stack variables (CVE-2019-9824). Tenable has extracted the preceding description block directly...

CVSS 5.5 | AI score 6.6 | EPSS 0.001
Exploits 0 | References 2

Tenable Nessus
added 2026/01/15 12:0 a.m., 1 view

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002584)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002584 advisory. The raw_sendmsg function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; th...

CVSS 7 | AI score 6.7 | EPSS 0.00076
Exploits 0 | References 13

Tenable Nessus
added 2026/01/15 12:0 a.m., 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002809)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002809 advisory. Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive...

CVSS 5.5 | AI score 6.4 | EPSS 0.00053
Exploits 0 | References 11

Tenable Nessus
added 2026/01/15 12:0 a.m., 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002950)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002950 advisory. The raw_sendmsg function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; th...

CVSS 7 | AI score 6.7 | EPSS 0.00076
Exploits 0 | References 13

Tenable Nessus
added 2026/01/15 12:0 a.m., 1 view

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003203)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003203 advisory. The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse...

CVSS 8 | AI score 7.1 | EPSS 0.03117
Exploits 12 | References 16

Tenable Nessus
added 2026/01/13 12:0 a.m., 2 views

MiracleLinux 8 : rsync-3.1.3-20.el8_10 (AXSA:2025-9543:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9543:02 advisory. rsync: Info Leak via Uninitialized Stack Contents (CVE-2024-12085). Tenable has extracted the preceding description block directly from the MiracleLinux securit...

CVSS 7.5 | AI score 7.6 | EPSS 0.1902
Exploits 2 | References 2

RedhatCVE
added 2026/01/09 9:50 a.m., 5 views

CVE-2020-24753

A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings...

CVSS 9.8 | AI score 7.5 | EPSS 0.01295
Exploits 1 | References 1

NVD
added 2025/12/04 3:15 p.m., 3 views

CVE-2025-40221

In the Linux kernel, the following vulnerability has been resolved: "media: pci: mg4b: fix uninitialized iio scan data". Fix potential leak of uninitialized stack data to userspace by ensuring that the scan structure is zeroed before use...

EPSS 0.00024
Exploits 0 | References 3

OSV
added 2025/11/25 10:50 p.m., 1 view

JLSEC-2025-324 A flaw was found in rsync which could be triggered when rsync compares file checksums

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

CVSS 7.5 | AI score 6.4 | EPSS 0.1902
Exploits 2 | References 27

Tenable Nessus
added 2025/11/18 12:0 a.m., 6 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-53680)

ipvs: vulnerability causes undefined behavior due to uninitialized stack access in ip_vs_protocol_init, which is fixed by zeroing the on-stack buffer to prevent out-of-bound accesses. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

CVSS 5.5 | AI score 7.2 | EPSS 0.00007
Exploits 0 | References 4

RedhatCVE
added 2025/11/10 12:22 p.m., 3 views

CVE-2025-12829

An uninitialized stack read issue exists in Amazon Ion-C versions...

CVSS 6.9 | AI score 6.9 | EPSS 0.00017
Exploits 0 | References 1