libxslt Type Confusion vulnerability that affects Nokogiri

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...

libxslt Type Confusion vulnerability that affects Nokogiri

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...

CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

ESXi 5.5 < Build 5230635 Multiple Vulnerabilities (VMSA-2017-0006) (remote check) (PCI-DSS check)

The version of the remote VMware ESXi 5.5 host is prior to build 5230635. It is, therefore, affected by multiple vulnerabilities: - VMware ESXi 5.5 without patch ESXi550-201703401-SG has a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. CVE-2017-4902 - VMwa...

openSUSE 15 Security Update : libu2f-host (openSUSE-SU-2021:1755-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1755-1 advisory. - Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An...

CentOS 8 : virt:rhel (CESA-2019:3345)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3345 advisory. - QEMU: qxl: null pointer dereference while releasing spice resources CVE-2019-12155 - ntfs-3g: heap-based buffer overflow leads to local root privileg...

DEBIAN-CVE-2017-9103

An issue was discovered in adns before 1.5.2. papmailbox822 does not properly check st from adnsfindlabelnext. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling progra...

CVE-2017-9103

An issue was discovered in adns before 1.5.2. papmailbox822 does not properly check st from adnsfindlabelnext. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling progra...

CVE-2020-13899

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusprocessincomingrequest in janus.c discloses information from uninitialized stack memory...

Stack overflow

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janusprocessincomingrequest in janus.c discloses information from uninitialized stack memory...

CVE-2020-10060 UpdateHub Might Dereference An Uninitialized Pointer

In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...

CVE-2019-14060

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

Code injection

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVE-2019-14060

CVE-2019-14060 is a vulnerability described as uninitialized stack data usage when memory for a blob is not allocated or is smaller than the required struct, caused by a missing check of the return value for read/write blob operations in Qualcomm Snapdragon components (Android/Snapdragon Auto, Co...

CVE-2019-14060

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2020-1017)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1017)

According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length...

Kernel: KVM: leak of uninitialized stack contents to guest

An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object hold...

bpftool, kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2019:2029 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20190806)

Security Fixes : - QEMU: Slirp: information leakage in tcpemu due to uninitialized stack variables CVE-2019-9824 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid128257; scriptversion"1.4";...