Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CVEs (752)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-0948 1Google 1Android Nov 21, 2024 Jul 13, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information.
CVE-2023-35326 1Microsoft 7Windows 10 1809 Windows 10 21h2Windows 10 22h2+4 more Nov 21, 2024 Jul 11, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Windows CDP User Components Information Disclosure Vulnerability
CVE-2023-35325 1Microsoft 11Windows 10 1507 Windows 10 1607Windows 10 1809+8 more Nov 21, 2024 Jul 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Print Spooler Information Disclosure Vulnerability
CVE-2023-32042 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Jul 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 OLE Automation Information Disclosure Vulnerability
CVE-2023-32041 1Microsoft 9Windows 10 1607 Windows 10 1809Windows 10 21h2+6 more Nov 21, 2024 Jul 11, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Windows Update Orchestrator Service Information Disclosure Vulnerability
CVE-2023-35847 1Virtualsquare 1Picotcp Nov 21, 2024 Jun 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
CVE-2023-2747 1Silabs 1Gecko Software Development Kit Nov 21, 2024 Jun 15, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
CVE-2023-21127 1Google 1Android Nov 21, 2024 Jun 15, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is n...Show more In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-275418191Show less
CVE-2023-32016 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Apr 8, 2025 Jun 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Windows Installer Information Disclosure Vulnerability
CVE-2023-29367 1Microsoft 4Windows Server 2012 Windows Server 2016Windows Server 2019+1 more Nov 21, 2024 Jun 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 iSCSI Target WMI Provider Remote Code Execution Vulnerability
CVE-2023-32213 1Mozilla 3Firefox Firefox EsrThunderbird Nov 21, 2024 Jun 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2023-24941 1Microsoft 4Windows Server 2012 Windows Server 2016Windows Server 2019+1 more Nov 21, 2024 May 9, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Windows Network File System Remote Code Execution Vulnerability
CVE-2023-28967 1Juniper 2Junos Junos Os Evolved Nov 21, 2024 Apr 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP...Show more A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.Show less
CVE-2022-25737 1Qualcomm 12Mdm8207 Firmware Mdm9205 FirmwareMdm9206 Firmware+9 more Nov 21, 2024 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure in modem due to missing NULL check while reading packets received from local network
CVE-2023-22897 1Securepoint 1Unified Threat Management Feb 10, 2025 Apr 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data...Show more An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.Show less
CVE-2023-24886 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Apr 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-27598 1Opensips 1Opensips Nov 21, 2024 Mar 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is...Show more OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.Show less
CVE-2023-23413 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Mar 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2021-32846 1Mobyproject 1Hyperkit Nov 21, 2024 Feb 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to to uninitialized memory use. In this situation, there is a...Show more HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba.Show less
CVE-2021-32845 1Mobyproject 1Hyperkit Nov 21, 2024 Feb 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_ge...Show more HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948.Show less

Previous 1...212223...38 Next