UBUNTU-CVE-2019-13220

Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...

PT-2019-13187 · Nothinq · Stb Vorbis

Name of the Vulnerable Software and Affected Versions: stb vorbis versions through 2019-03-04 Description: The issue is related to the use of uninitialized stack variables in the start decoder function, which can be exploited by opening a crafted Ogg Vorbis file. This can lead to a denial of...

CVE-2019-13220

Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...

Kernel: KVM: leak of uninitialized stack contents to guest

An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object hold...

SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2019:1867-1)

This update for libxslt fixes the following issues : Security issues fixed : CVE-2019-13118: Fixed a read of uninitialized stack data bsc1140101. CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters bsc1140095. Note th...

RHEL 6 : qemu-kvm (RHSA-2019:1650)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1650 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...

Information Disclosure

Linux kernel is vulnerable to information disclosure. The vulnerability exists because of incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel. Local users could obtain sensitive information from uninitialized stack data by triggering...

CVE-2018-6981

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the...

CVE-2018-6982

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest...

Design/Logic Flaw

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest...

CVE-2018-6981

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the...

VMSA-2018-0027 : VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage

a. vmxnet3 uninitialized stack memory usage VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter. This issue may allow a guest to execute code on the host. The issue is present if vmxnet3 is enabled. Non vmxnet3 virtual adapters are n...

VMware ESXi, Workstation and Fusion Uninitialized Stack Memory Usage Vulnerability

VMware ESXi, Workstation, and Fusion are all products of VMware, Inc. VMware ESXi is a server virtualization platform that can be installed directly on physical servers; VMware Workstation is a suite of virtual machine software; and Fusion is a suite of virtual machine software that is designed t...

VMware ESXi, Workstation and Fusion Uninitialized Stack Memory Usage Vulnerability (CNVD-2018-22943)

VMware ESXi, Workstation, and Fusion are all products of VMware, Inc. VMware ESXi is a server virtualization platform that can be installed directly on physical servers; VMware Workstation is a suite of virtual machine software; and Fusion is a suite of virtual machine software that is designed t...

VMSA-2018-0027:VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage

VMSA-2018-0027 VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0027 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware ESXi, Workstation, and Fusion...

CVE-2018-14876

An issue was discovered in imagesavepng in image/image-png.cpp in Free Lossless Image Format FLIF 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width...

CVE-2018-14876

An issue was discovered in imagesavepng in image/image-png.cpp in Free Lossless Image Format FLIF 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width...

CVE-2018-14876

An issue was discovered in imagesavepng in image/image-png.cpp in Free Lossless Image Format FLIF 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width...

Android Information Disclosure Vulnerability (CNVD-2018-12805)

Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google and the Open Handheld Alliance OHA. An information disclosure vulnerability exists in versions of Android prior to 2018-06-05 on Google Pixel and Nexus...