UBUNTU-CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the...

F5 Networks BIG-IP : NTP vulnerabilities (K02360853)

CVE-2015-5194 The logconfigcommand function in ntpparser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service ntpd crash via crafted logconfig commands. CVE-2015-5195 ntpopenssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of servic...

CVE-2016-8385

An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In mo...

Stack overflow

An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In mo...

CVE-2016-8385

An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In mo...

CVE-2016-8385

An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In mo...

Iceni Argus PDF Uninitialized WordStyle Color Length Code Execution Vulnerability

Summary An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operatio...

PT-2017-9651 · Iceni · Iceni Argus

Name of the Vulnerable Software and Affected Versions: Iceni Argus affected versions not specified Description: The issue is related to an uninitialized variable vulnerability that leads to a stack-based buffer overflow. This occurs when Iceni Argus attempts to convert a malformed PDF to XML,...

Adobe Acrobat Reader DC jpeg decoder Remote Code Execution Vulnerability

Summary A use of uninitialized memory vulnerability exists in JPEG image file format decoding code of Adobe Acrobat Reader which ultimately leads to a heap-based buffer overflow which can be abused to achieve remote code execution. A specially crafted PDF file with an embedded JPEG can trigger th...

Microsoft Office Information Disclosure (MS16-148: CVE-2016-7264)

An information disclosure vulnerability exists within Microsoft Office. The vulnerability occurs due to an out-of-bound memory read as a result of an uninitialized variable, and could be used to disclose the memory content. A remote attacker can exploit this issue by enticing a victim to open a...

Microsoft Office Information Disclosure (MS16-148: CVE-2016-7265)

An information disclosure vulnerability was discovered within Microsoft Office. The vulnerability is due to reading out of bound memory due to an uninitialized variable which could disclose the contents of memory. A remote attacker can exploit this issue by enticing a victim to open a specially...

DEBIAN-CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

Microsoft Office Word Viewer Information Disclosure Vulnerability (3199168)

This host is missing an important security update according to Microsoft Bulletin MS16-133. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

ntp: crash with crafted logconfig configuration command

It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands...

Security update for qemu (important)

qemu was updated to fix 19 security issues. These security issues were fixed: - CVE-2016-2392: The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a...

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

CVE-2016-5105

The megasasdcmdcfgread function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface MFI command...

DEBIAN-CVE-2016-5105

The megasasdcmdcfgread function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface MFI command...

CVE-2016-5105

The megasasdcmdcfgread function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface MFI command...