1102 matches found
CVE-2025-2024
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visi...
CVE-2025-2024 Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visi...
CVE-2025-2024
CVE-2025-2024 affects Trimble SketchUp via its SKP file parser. The flaw is an uninitialized memory access in SKP file parsing, allowing an attacker to execute code in the process context. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The vulnerab...
CVE-2025-21843 drm/panthor: avoid garbage value in panthor_ioctl_dev_query()
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is copied to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize 'priorities_info' to avoid th...
PT-2025-10015
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp (affected versions not specified). Description: The issue is related to an uninitialized variable in the SKP file parsing mechanism, which can lead to remote code execution. Recommendations: At the moment, there is no information...
Important: gstreamer1-plugins-good
Issue Overview: GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This...
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SK...
Linux Distros Unpatched Vulnerability : CVE-2017-15996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other...
CVE-2022-49298
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in r871xu_drv_init() When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0, 'mac[6]' will not be initialized. BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an uninitialized variable in the r871xu_drv_init function in the staging rtl8712 driver...
CVE-2024-21502
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...
CVE-2024-10204
Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the XB and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted...
CVE-2024-8896
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...
Amazon Linux 2 : gstreamer1-plugins-good (ALAS-2025-2748)
The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2748 advisory. GStreamer is a library for constructing graphs of media-handling components. The program attempts to...
The vulnerability of the br_dev_xmit() function in the net/bridge/br_device.c module of the Linux operating system allows an attacker to compromise the confidentiality and accessibility of the protected information.
The vulnerability of the br_dev_xmit() function in the net/bridge/br_device.c file of the Linux operating system is related to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of the protected information...
Amazon Corretto Java 11.x < 11.0.26.4.1 Vulnerability
The version of Amazon Corretto installed on the remote host is 11 prior to 11.0.26.4.1. It is, therefore, affected by a vulnerability as referenced in the corretto-11-2025-Jan-21 advisory. - Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stac...
CVE-2025-21630
...
PT-2025-4311 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the io_uring/net component, where the kmsg->msg.msg_inq variable may be used uninitialized. This can occur...
The vulnerability of the add_inode_ref() function in the fs/btrfs/tree-log.c file of the Linux kernel’s file system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the add_inode_ref() function in the fs/btrfs/tree-log.c file of the Btrfs file system in Linux kernels is related to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...