Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2308 | 1 Linux | 1 Linux Kernel | 2022-09-13 | N/A | 6.5 MEDIUM |
| A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. | |||||
| CVE-2021-40418 | 1 Blackmagicdesign | 1 Davinci Resolve | 2022-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application. | |||||
| CVE-2021-0698 | 1 Google | 1 Android | 2022-08-25 | N/A | 5.5 MEDIUM |
| In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848165 | |||||
| CVE-2021-0887 | 1 Google | 1 Android | 2022-08-25 | N/A | 5.5 MEDIUM |
| In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848817 | |||||
| CVE-2020-27795 | 1 Radare | 1 Radare2 | 2022-08-22 | N/A | 7.5 HIGH |
| A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn). | |||||
| CVE-2015-3414 | 5 Apple, Canonical, Debian and 2 more | 6 Mac Os X, Watchos, Ubuntu Linux and 3 more | 2022-08-16 | 7.5 HIGH | N/A |
| SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. | |||||
| CVE-2022-33716 | 1 Google | 1 Android | 2022-08-11 | N/A | 4.4 MEDIUM |
| An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. | |||||
| CVE-2022-34655 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-08-10 | N/A | 7.5 HIGH |
| In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-44003 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition. | |||||
| CVE-2021-21966 | 1 Ti | 15 Cc3100, Cc3100 Firmware, Cc3120 and 12 more | 2022-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-29937 | 1 Telemetry Project | 1 Telemetry | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size(). | |||||
| CVE-2020-36452 | 1 Array-tools Project | 1 Array-tools | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. | |||||
| CVE-2020-36432 | 1 Alg Ds Project | 1 Alg Ds | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). | |||||
| CVE-2021-28029 | 1 Toodee Project | 1 Toodee | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations. | |||||
| CVE-2021-28035 | 1 Stack Dst Project | 1 Stack Dst | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic. | |||||
| CVE-2021-3435 | 1 Zephyrproject | 1 Zephyr | 2022-07-08 | 2.1 LOW | 3.3 LOW |
| Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh | |||||
| CVE-2020-15523 | 3 Microsoft, Netapp, Python | 3 Windows, Snapcenter, Python | 2022-07-05 | 6.9 MEDIUM | 7.8 HIGH |
| In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | |||||
| CVE-2021-0495 | 1 Google | 1 Android | 2022-06-28 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459083 | |||||
| CVE-2021-0530 | 1 Google | 1 Android | 2022-06-28 | 4.6 MEDIUM | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196175 | |||||
| CVE-2021-0473 | 1 Google | 1 Android | 2022-06-28 | 8.3 HIGH | 8.8 HIGH |
| In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208 | |||||