9565 matches found
CVE-2025-2024 Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visi...
CVE-2025-2024
CVE-2025-2024 affects Trimble SketchUp via its SKP file parser. The flaw is an uninitialized memory access in SKP file parsing, allowing an attacker to execute code in the process context. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The vulnerab...
OESA-2025-1232 grub2 security update
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the...
CVE-2025-21843 drm/panthor: avoid garbage value in panthor_ioctl_dev_query()
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthorioctldevquery 'prioritiesinfo' is uninitialized, and the uninitialized value is copied to user object when calling PANTHORUOBJSET. Using memset to initialize 'prioritiesinfo' to avoid th...
CVE-2024-58084
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcomscmgettzmempool Commit 2e4955167ec5 "firmware: qcom: scm: Fix scm and waitq completion variable initialization" introduced a write barrier in probe function to store global 'sc...
UBUNTU-CVE-2024-58084
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcomscmgettzmempool Commit 2e4955167ec5 "firmware: qcom: scm: Fix scm and waitq completion variable initialization" introduced a write barrier in probe function to store global 'sc...
CVE-2024-58084
The CVE-2024-58084 issue in the Linux kernel relates to the Qualcomm SC M firmware (qcom_scm) read barriers. The advisory notes a missing read barrier in qcom_scm_get_tzmem_pool() and that a write barrier was previously added in probe. Access from concurrent contexts could fetch a stale __scm val...
microcode_ctl: Improper input validation in UEFI firmware CseVariableStorageSmm
Improper input validation in UEFI firmware CseVariableStorageSmm for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...
microcode_ctl: Improper input validation in UEFI firmware CseVariableStorageSmm
Improper input validation in UEFI firmware CseVariableStorageSmm for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...
microcode_ctl: Improper input validation in UEFI firmware CseVariableStorageSmm
Improper input validation in UEFI firmware CseVariableStorageSmm for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...
microcode_ctl: Improper input validation in UEFI firmware CseVariableStorageSmm
Improper input validation in UEFI firmware CseVariableStorageSmm for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...
microcode_ctl: Improper input validation in UEFI firmware CseVariableStorageSmm
Improper input validation in UEFI firmware CseVariableStorageSmm for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...
microcode_ctl: Improper input validation in UEFI firmware CseVariableStorageSmm
Improper input validation in UEFI firmware CseVariableStorageSmm for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...
Important: gstreamer1-plugins-good
Issue Overview: GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This...
PT-2025-10015
Name of the Vulnerable Software and Affected Versions Trimble SketchUp affected versions not specified Description The issue is related to an uninitialized variable in the SKP file parsing mechanism, which can lead to remote code execution. Recommendations At the moment, there is no information...
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SK...
Medium: php8.3
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
CVE-2025-26914
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bowo Variable Inspector variable-inspector allows Reflected XSS.This issue affects Variable Inspector: from n/a through = 2.6.2...
Linux Distros Unpatched Vulnerability : CVE-2024-2700
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build,...
Linux Distros Unpatched Vulnerability : CVE-2022-41946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or...