SUSE CVE-2024-36476
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was...
Octopus Kubernetes Security Vulnerability
Octopus Kubernetes is a cloud-native device management system from Octopus. A security vulnerability exists in Octopus Kubernetes that stems from a sensitive variable that can be written in plaintext to a Kubernetes script pod log...
CVE-2024-36476
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was...
UBUNTU-CVE-2024-36476
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was...
CVE-2025-21630
...
PT-2025-4311 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the io_uring/net component, where the kmsg->msg.msg_inq variable may be used uninitialized. This can occur...
BIT-PHP-MIN-2022-4900 Potential buffer overflow in php_cli_server_startup_workers
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow...
The vulnerability of the add_inode_ref() function in the fs/btrfs/tree-log.c file of the Linux kernel’s file system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the add_inode_ref function in the fs/btrfs/tree-log.c file of the Btrfs file system in Linux kernels is related to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
CVE-2024-57878 arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will...
CVE-2024-57878
CVE-2024-57878 (Linux kernel, arm64): The vulnerability in ptrace NT_ARM_FPMR regset handling could leave the temporary fpmr uninitialized for zero-length writes, potentially leaking up to 64 bits of kernel-stack memory. The patch initializes the temporary value before copying the regset from us...
CVE-2024-57877 arm64: ptrace: fix partial SETREGSET for NT_ARM_POE
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_POE Currently poe_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will b...
CVE-2024-57874 arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently...
CVE-2024-56446
CVE-2024-56446 concerns Huawei HarmonyOS with a vulnerability in the notification module where variables are not initialized. The impact described is potential availability disruption. The documents do not specify affected product versions, root cause details beyond the initialization issue, expl...
LibreOffice Multiple Vulnerabilities (Jan 2025) - Mac OS X
LibreOffice is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:libreoffice:libreoffice";...
CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
PT-2025-49183
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.65 Description An issue exists in Apache HTTP Server where improper neutralization of escape, meta, or control sequences can occur through environment variables set via the Apache configuration. Th...
PT-2025-30880
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw where uprobes could be misused destructively when placed within an instruction. The kernel validated the presence of a valid instruction at the specifie...
PT-2025-49184
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.7 through 2.4.65 Description A flaw exists in Apache HTTP Server where a bypass of mod_userdir+suexec is possible via the AllowOverride FileInfo functionality. Individuals with the ability to utilize the...
CVE-2024-56720
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Several fixes to bpf_msg_pop_data Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, we should put_page 2. if (len == 0), return early is better 3. pop the entire sk_msg (last == msg->sg.size) should be supported 4. Fix...