High
CVSS: 8.7
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leake…
High
CVSS: 7.1
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buf…
Critical
CVSS: 9.1
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Critical
CVSS: 9.1
Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Medium
CVSS: 6.5
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a sensitive information leak through use of an uninitialized resource.
Medium
CVSS: 6.9
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshp…
Critical
CVSS: 9.1
Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
High
CVSS: 7.5
Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148.
High
CVSS: 7.8
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabili…
Medium
CVSS: 5.5
In the Linux kernel, the following vulnerability has been resolved:
interconnect: debugfs: initialize src_node and dst_node to empty strings
The debugfs_create_str() API assumes that the string pointer is either NULL
or points to valid km…
Low
CVSS: 2.3
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory.
This can be done by causing the decoder to reference an outside-image-bound area in subsequent patches. An incorrect optimi…
Medium
CVSS: 4.7
In the Linux kernel, the following vulnerability has been resolved:
leds: led-class: Only Add LED to leds_list when it is fully ready
Before this change the LED was added to leds_list before led_init_core()
gets called, adding it to the list…
Medium
CVSS: 5.5
In the Linux kernel, the following vulnerability has been resolved:
block: zero non-PI portion of auto integrity buffer
The auto-generated integrity buffer for writes needs to be fully
initialized before being passed to the underlying blo…
Medium
CVSS: 5.5
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
Blamed commit did not take care of VLAN encapsulations
as spotted by syzbot [1].
Use skb_vlan_inet_prepare() i…
High
CVSS: 7.5
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort…
High
CVSS: 7.5
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to t…
Medium
CVSS: 5.5
In the Linux kernel, the following vulnerability has been resolved:
um: init cpu_tasks[] earlier
This is currently done in uml_finishsetup(), but e.g. with
KCOV enabled we'll crash because some init code can call
into e.g. memparse(), whi…
Medium
CVSS: 5.5
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - zero initialize memory allocated via sock_kmalloc
Several crypto user API contexts and requests allocated with
sock_kmalloc() were left uninitialized, re…
Medium
CVSS: 4.4
Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.
Medium
CVSS: 5.5
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a
LS_NLA_TYPE_DGID attribute, it is i…