Apache HTTP Server: mod_ssl error log variable escaping

...

mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.

...

Dassault Systèmes eDrawings Viewer JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

The vulnerability of the EPA component of the Honeywell Experion PKS programmable logic controllers allows a intruder to trigger a service failure.

The vulnerability of the Epic Platform Analyzer EPA component of Honeywell Experion PKS programmable logic controllers is related to the use of an uninitialized variable. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...

CVE-2025-6974

Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file...

CVE-2025-6974

SOLIDWORKS eDrawings for SOLIDWORKS Desktop 2025 is affected by CVE-2025-6974 due to an uninitialized variable in the JT file reading procedure. This can allow arbitrary code execution when opening a specially crafted JT file. Root cause: uninitialized memory access during JT file parsing. Affect...

CVE-2025-6974 Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file...

CVE-2025-6974 Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file...

emacs security update

1:26.1-15 - Restore definition of variable 'enable-dir-local-variables' RHEL-92830 1:26.1-14 - Fix arbitrary code execution via Lisp macro expansion RHEL-69394...

PT-2025-29573 · Dassault Systèmes · Solidworks Edrawings +1

Name of the Vulnerable Software and Affected Versions: SOLIDWORKS eDrawings versions prior to SOLIDWORKS Desktop 2025 Description: A use of uninitialized variable issue exists in the JT file reading procedure. This could allow an attacker to execute arbitrary code when opening a specially crafted...

Malicious code in paradox-pydevdeps (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ffb02e4aaa239e465a9365307dc9f04e5d881cc9f56bd34a1112ce87db7998bc Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

lz4 security update

1.8.3-5 - Fix a renamed variable in one of the patches - Since the variable was used in an assert, the regular build did not fail, but the QA builds did. - Related: RHEL-87362 1.8.3-4 - Fix CVE-2019-17543 - Resolves: RHEL-87362...

CVE-2025-2520

The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer EPA communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a dereferencing of an uninitialized pointer leading to...

SUSE CVE-2025-38277

In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...

SUSE CVE-2025-38315

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

MAL-2025-191743 Malicious code in gpu-free-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0846b9b18e7af4ddef44ca9cb92d5543ace58ee3f171080b1570c3f044749dec Code attempts to exfiltrate any env variable containing "key" in name. This action is triggered on multiple occasions thanks to overwriting module loading and...

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...

SUSE-SU-2025:02281-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. - CVE-2025-5318: Fixed likely read beyond bounds in sftp server...

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...

SUSE-SU-2025:02279-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. - CVE-2025-5318: Fixed likely read beyond bounds in sftp server...