CVE-2019-14079

CVE-2019-14079 describes a design/logic flaw leading to access to an uninitialized variable when a driver unmapps a DMA buffer for a request that was never mapped, causing a kernel failure on Snapdragon platforms (Auto/Compute/Consumer IoT/Industrial IoT/Wearables across listed Snapdragon devices...

CVE-2019-14079

Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables i...

PT-2020-15278 · Libvips +3 · Libvips +3

Name of the Vulnerable Software and Affected Versions: libvips versions prior to 8.8.2 Description: The issue is related to an uninitialized variable in the im vips2dz function, located in /libvips/libvips/deprecated/im vips2dz.c. This may cause the leakage of the remote server path or stack...

Huawei EulerOS: Security Advisory for gd (EulerOS-SA-2019-2335)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-1458

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. Recent assessments: gwillcox-r7 at October 19, 2020 5:31pm UTC reported: Known as WizardOpium for its use in the...

EulerOS Virtualization for ARM 64 3.0.3.0 : gd (EulerOS-SA-2019-2335)

According to the version of the gd package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PH...

CVE-2019-15900

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum3, sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...

Command injection

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum3, sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...

CVE-2019-11038

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

EulerOS 2.0 SP8 : wavpack (EulerOS-SA-2019-2095)

According to the versions of the wavpack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults...

EulerOS 2.0 SP8 : gd (EulerOS-SA-2019-2074)

According to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below...

CVE-2019-9369

In Bluetooth, there is a use of uninitialized variable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79995407...

CVE-2019-9314

In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112329563...

CVE-2019-9321

In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111208713...

CVE-2019-9313

In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112005441...

CVE-2019-9247

In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426166...

Information disclosure

In Bluetooth, there is a use of uninitialized variable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79995407...

CVE-2019-9369

In Bluetooth, there is a use of uninitialized variable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79995407...

Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform

https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if candidate-op == PhantomCreateRest numberOfArgumentsToSkip = candidate-numberOfArgumentsToSkip;...

Webkit JSC JIT ArgumentsEliminationPhase::transform Uninitialized Variable Access

https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if candidate-op == PhantomCreateRest numberOfArgumentsToSkip = candidate-numberOfArgumentsToSkip;...