Search
Total
243 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45694 | 1 Rdiff Project | 1 Rdiff | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations. | |||||
| CVE-2021-45693 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations. | |||||
| CVE-2021-45692 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations. | |||||
| CVE-2021-45691 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations. | |||||
| CVE-2021-45690 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations. | |||||
| CVE-2021-45689 | 1 Gfx-auxil Project | 1 Gfx-auxil | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations. | |||||
| CVE-2021-45688 | 1 Ash Project | 1 Ash | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations. | |||||
| CVE-2020-36511 | 1 Bite Project | 1 Bite | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations. | |||||
| CVE-2020-36514 | 1 Acc Reader Project | 1 Acc Reader | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations. | |||||
| CVE-2021-45686 | 1 Csv-sniffer Project | 1 Csv-sniffer | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations. | |||||
| CVE-2021-45685 | 1 Columnar Project | 1 Columnar | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations. | |||||
| CVE-2021-45684 | 1 Flumedb Project | 1 Flumedb | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations. | |||||
| CVE-2021-45683 | 1 Binjs Io Project | 1 Binjs Io | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations. | |||||
| CVE-2021-45682 | 1 Bronzedb-protocol Project | 1 Bronzedb-protocol | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations. | |||||
| CVE-2019-18603 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2022-01-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. | |||||
| CVE-2019-18602 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. | |||||
| CVE-2020-0006 | 1 Google | 1 Android | 2022-01-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828 | |||||
| CVE-2020-0007 | 1 Google | 1 Android | 2022-01-01 | 2.1 LOW | 5.5 MEDIUM |
| In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807 | |||||
| CVE-2020-6792 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2022-01-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. | |||||
| CVE-2020-6793 | 1 Mozilla | 1 Thunderbird | 2022-01-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. | |||||
| CVE-2020-20739 | 3 Debian, Fedoraproject, Libvips Project | 3 Debian Linux, Fedora, Libvips | 2022-01-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | |||||
| CVE-2020-17482 | 1 Powerdns | 1 Authoritative | 2022-01-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. | |||||
| CVE-2020-10732 | 4 Canonical, Linux, Netapp and 1 more | 31 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 28 more | 2021-12-21 | 3.6 LOW | 4.4 MEDIUM |
| A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. | |||||
| CVE-2021-29631 | 1 Freebsd | 1 Freebsd | 2021-12-14 | 7.2 HIGH | 7.8 HIGH |
| In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process. | |||||
| CVE-2021-30578 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-21190 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2018-25014 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-15193 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2021-11-18 | 5.5 MEDIUM | 7.1 HIGH |
| In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1. | |||||
| CVE-2021-41225 | 1 Google | 1 Tensorflow | 2021-11-10 | 2.1 LOW | 7.8 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2019-0006 | 1 Juniper | 31 Ex2200, Ex2200-c, Ex2300 and 28 more | 2021-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet it destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms. | |||||
| CVE-2021-34855 | 1 Parallels | 1 Parallels Desktop | 2021-10-27 | 2.1 LOW | 6.5 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13592. | |||||
| CVE-2021-0634 | 1 Google | 1 Android | 2021-10-26 | 7.2 HIGH | 6.7 MEDIUM |
| In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994. | |||||
| CVE-2021-0938 | 1 Google | 1 Android | 2021-10-26 | 2.1 LOW | 5.5 MEDIUM |
| In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel | |||||
| CVE-2021-36512 | 1 Synchro | 1 Bulletin Board System | 2021-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value. | |||||
| CVE-2021-3545 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2021-10-18 | 2.1 LOW | 6.5 MEDIUM |
| An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. | |||||
| CVE-2021-36007 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2021-08-30 | 6.8 MEDIUM | 3.3 LOW |
| Adobe Prelude version 10.0 (and earlier) are affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-1104 | 1 Risc-v | 1 Instruction Set Manual | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service. | |||||
| CVE-2021-37682 | 1 Google | 1 Tensorflow | 2021-08-19 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200). The issue stems from the fact that `quantization.params` is only valid if `quantization.type` is different that `kTfLiteNoQuantization`. However, these checks are missing in large parts of the code. We have patched the issue in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887, 4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and 8933b8a21280696ab119b63263babdb54c298538. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
| CVE-2020-36443 | 1 Libp2p | 1 Libp2p-deflate | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function. | |||||
| CVE-2018-1037 | 1 Microsoft | 2 Visual Studio, Visual Studio 2017 | 2021-08-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. | |||||
| CVE-2020-36210 | 1 Autorand Project | 1 Autorand | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. | |||||
| CVE-2020-0411 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-142641801 | |||||
| CVE-2020-1342 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445. | |||||
| CVE-2020-35494 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2019-13117 | 1 Xmlsoft | 1 Libxslt | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. | |||||
| CVE-2020-11260 | 1 Qualcomm | 472 Apq8017, Apq8017 Firmware, Apq8053 and 469 more | 2021-06-21 | 7.2 HIGH | 8.4 HIGH |
| An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-21218 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-06-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2021-29581 | 1 Google | 1 Tensorflow | 2021-05-20 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger denial of service via segmentation faults. The implementation(https://github.com/tensorflow/tensorflow/blob/a74768f8e4efbda4def9f16ee7e13cf3922ac5f7/tensorflow/core/kernels/ctc_decoder_ops.cc#L68-L79) fails to detect cases when the input tensor is empty and proceeds to read data from a null buffer. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29580 | 1 Google | 1 Tensorflow | 2021-05-20 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a `CHECK` condition becomes false and aborts the process. The implementation(https://github.com/tensorflow/tensorflow/blob/169054888d50ce488dfde9ca55d91d6325efbd5b/tensorflow/core/kernels/fractional_max_pool_op.cc#L215) fails to validate that input and output tensors are not empty and are of the same rank. Each of these unchecked assumptions is responsible for the above issues. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-30027 | 1 Md4c Project | 1 Md4c | 2021-05-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. | |||||