Remote code execution
A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution...
CVE-2023-25010
A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution...
CVE-2023-25010
CVE-2023-25010 affects Autodesk Maya USD Plugin (prior to 0.23.0). The root cause is an uninitialized variable when handling a malicious USD file, which may allow code execution. Reported in multiple sources (e.g., Autodesk security advisory ADSK-SA-2023-0003; Nessus plugin notes) with a CVSSv3.1...
Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2023-26386 ZDI-CAN-20266: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability
Adobe Substance 3D Stager version 2.0.1 and earlier is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
CVE-2023-26387 ZDI-CAN-20265: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability
Adobe Substance 3D Stager version 2.0.1 and earlier is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
Microsoft Windows Remote Desktop Connection Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a remote desktop session to a host that has been compromised or otherwise under...
CVE-2022-25737 Use of Uninitialized Variable in MODEM
Information disclosure in modem due to missing NULL check while reading packets received from local network...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-098)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-098 advisory. 2024-02-15: CVE-2022-3591 was added to this advisory. 2024-02-15: CVE-2022-3520 was added to this advisory. A flaw was found in vim. A possible heap-based buffer overflow could allow an attacke...
Denial Of Service (DoS)
gss-ntlmssp is vulnerable to Denial of Service (DoS) attacks. Memory corruption can be triggered when decoding UTF16 strings if the variable 'outlen' is not initialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory spac...
A vulnerability in the Linux operating system's Bluetooth driver allows an attacker to gain access to protected information.
A vulnerability in the Linux operating system's Bluetooth kernel driver is related to the use of an uninitialized variable efs in the l2cap_parse_conf_req function. Exploiting this vulnerability could allow a remote attacker to gain access to protected information...
K02360853: NTP vulnerabilities CVE-2015-5194 and CVE-2015-5195
Security Advisory Description. CVE-2015-5194: The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. CVE-2015-5195: ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attacke...
SUSE CVE-2009-3084
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variabl...
SUSE CVE-2011-4100
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet...
SUSE CVE-2012-6139
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c...
SUSE CVE-2013-3557
The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet...
SUSE CVE-2013-4920
The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...
SUSE CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...
SUSE CVE-2019-7321
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code...