Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-908
Total 286 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26370 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2022-05-13 5.0 MEDIUM 7.5 HIGH
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-28488 1 Libwav Project 1 Libwav 2022-05-12 5.0 MEDIUM 7.5 HIGH
The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability.
CVE-2022-20096 2 Google, Mediatek 13 Android, Mt6765, Mt6768 and 10 more 2022-05-11 2.1 LOW 4.4 MEDIUM
In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003.
CVE-2021-28033 1 Byte Struct Project 1 Byte Struct 2022-05-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.
CVE-2021-25905 1 Bra Project 1 Bra 2022-05-03 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
CVE-2021-36282 1 Dell 1 Emc Powerscale Onefs 2022-05-03 2.1 LOW 3.3 LOW
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.
CVE-2020-10933 4 Debian, Fedoraproject, Linux and 1 more 4 Debian Linux, Fedora, Linux Kernel and 1 more 2022-05-03 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
CVE-2020-3964 1 Vmware 4 Cloud Foundation, Esxi, Fusion and 1 more 2022-05-03 1.9 LOW 4.7 MEDIUM
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.
CVE-2020-11494 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2022-04-29 2.1 LOW 4.4 MEDIUM
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
CVE-2020-13113 4 Canonical, Debian, Libexif Project and 1 more 4 Ubuntu Linux, Debian Linux, Libexif and 1 more 2022-04-26 6.4 MEDIUM 8.2 HIGH
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
CVE-2020-1934 6 Apache, Canonical, Debian and 3 more 11 Http Server, Ubuntu Linux, Debian Linux and 8 more 2022-04-26 5.0 MEDIUM 5.3 MEDIUM
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2019-19535 4 Debian, Linux, Opensuse and 1 more 4 Debian Linux, Linux Kernel, Leap and 1 more 2022-04-26 2.1 LOW 4.6 MEDIUM
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
CVE-2021-29934 1 Uu Od Project 1 Uu Od 2022-04-25 7.5 HIGH 7.3 HIGH
An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.
CVE-2021-26951 1 Calamine Project 1 Calamine 2022-04-25 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.
CVE-2020-6444 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2022-04-22 6.8 MEDIUM 6.3 MEDIUM
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-3975 1 Atlantiswordprocessor 1 Atlantis Word Processor 2022-04-19 6.8 MEDIUM 7.8 HIGH
An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.
CVE-2018-3989 2 Microsoft, Wibu 2 Windows, Wibukey 2022-04-19 2.1 LOW 5.5 MEDIUM
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
CVE-2022-0115 2 Fedoraproject, Google 2 Fedora, Chrome 2022-04-18 6.8 MEDIUM 8.8 HIGH
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2019-18786 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2022-04-18 2.1 LOW 5.5 MEDIUM
In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.
CVE-2017-5103 6 Apple, Debian, Google and 3 more 8 Macos, Debian Linux, Chrome and 5 more 2022-04-08 4.3 MEDIUM 4.3 MEDIUM
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.