Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-908
Total 286 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2557 1 Microsoft 3 Internet Explorer, Windows Server 2003, Windows Xp 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-2556 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2007-1751 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2021-39671 1 Google 1 Android 2022-02-17 4.3 MEDIUM 6.5 MEDIUM
In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630
CVE-2022-23573 1 Google 1 Tensorflow 2022-02-10 6.5 MEDIUM 8.8 HIGH
Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
CVE-2021-43848 1 Dena 1 H2o 2022-02-07 4.3 MEDIUM 5.9 MEDIUM
h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state of h2o to backend servers controlled by the attacker or third party. Also, if there is an HTTP endpoint that reflects the traffic sent from the client, an attacker can use that reflector to obtain internal state of h2o. This internal state includes traffic of other connections in unencrypted form and TLS session tickets. This vulnerability exists in h2o server with HTTP/3 support, between commit 93af138 and d1f0f65. None of the released versions of h2o are affected by this vulnerability. There are no known workarounds. Users of unreleased versions of h2o using HTTP/3 are advised to upgrade immediately.
CVE-2017-4905 2 Apple, Vmware 6 Mac Os X, Esxi, Fusion and 3 more 2022-02-07 2.1 LOW 5.5 MEDIUM
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
CVE-2018-6982 2 Apple, Vmware 4 Mac Os X, Esxi, Fusion and 1 more 2022-02-03 4.9 MEDIUM 6.5 MEDIUM
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.
CVE-2018-6981 2 Apple, Vmware 4 Mac Os X, Esxi, Fusion and 1 more 2022-02-03 7.2 HIGH 8.8 HIGH
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.
CVE-2016-0821 2 Google, Linux 2 Android, Linux Kernel 2022-01-31 2.1 LOW 5.5 MEDIUM
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
CVE-2021-39680 1 Google 1 Android 2022-01-19 2.1 LOW 4.4 MEDIUM
In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197965864References: N/A
CVE-2022-20018 2 Google, Mediatek 33 Android, Mt6580, Mt6739 and 30 more 2022-01-11 2.1 LOW 4.4 MEDIUM
In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018.
CVE-2020-36513 1 Acc Reader Project 1 Acc Reader 2022-01-06 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.
CVE-2020-36512 1 Buffoon Project 1 Buffoon 2022-01-06 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.
CVE-2021-45703 1 Tectonic Xdv Project 1 Tectonic Xdv 2022-01-06 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.
CVE-2021-45694 1 Rdiff Project 1 Rdiff 2022-01-06 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations.
CVE-2021-45693 1 Messagepack-rs Project 1 Messagepack-rs 2022-01-06 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.
CVE-2021-45692 1 Messagepack-rs Project 1 Messagepack-rs 2022-01-06 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.
CVE-2021-45691 1 Messagepack-rs Project 1 Messagepack-rs 2022-01-06 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.
CVE-2021-45690 1 Messagepack-rs Project 1 Messagepack-rs 2022-01-06 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.