Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CVEs (752)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-22281 1F5 1Big Ip Advanced Firewall Manager Nov 21, 2024 Feb 1, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 vir...Show more On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Show less
CVE-2022-47012 1Solarwinds 1Dynamips Apr 3, 2025 Jan 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
CVE-2023-21753 1Microsoft 2Windows 10 Windows Server 2019 Nov 21, 2024 Jan 10, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Event Tracing for Windows Information Disclosure Vulnerability
CVE-2022-31741 1Mozilla 3Firefox Firefox EsrThunderbird Apr 15, 2025 Dec 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR <...Show more A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.Show less
CVE-2020-36617 1Greenend 1Sftpserver Nov 21, 2024 Dec 18, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. Th...Show more A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.Show less
CVE-2022-2950 1Altair 1Hyperview Player Nov 21, 2024 Dec 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign ext...Show more Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption. Show less
CVE-2022-2949 1Altair 1Hyperview Player Nov 21, 2024 Dec 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign ext...Show more Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption. Show less
CVE-2022-32616 1Google 1Android May 1, 2025 Nov 8, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch...Show more In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258.Show less
CVE-2022-32615 1Google 1Android May 1, 2025 Nov 8, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch...Show more In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559.Show less
CVE-2022-39283 2Fedoraproject Freerdp 2Fedora Freerdp Nov 3, 2025 Oct 12, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP...Show more FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.Show less
CVE-2022-39282 2Fedoraproject Freerdp 2Fedora Freerdp Nov 3, 2025 Oct 12, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently c...Show more FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.Show less
CVE-2022-34390 1Dell 2Alienware Area 51 R4 Firmware Alienware Area 51 R5 Firmware Nov 21, 2024 Oct 12, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVE-2022-40768 3Debian FedoraprojectLinux 3Debian Linux FedoraLinux Kernel Nov 21, 2024 Sep 18, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-29240 1Scylladb 1Scylla Nov 21, 2024 Sep 15, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct....Show more Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of decompression buffer won't be overwritten, and will be left uninitialized. This can be exploited in several ways, depending on the privileges of the user. 1. The main exploit is that an attacker with access to CQL port, but no user account, can bypass authentication, but only if there are other legitimate clients making connections to the cluster, and they use LZ4. 2. Attacker that already has a user account on the cluster can read parts of uninitialized memory, which can contain things like passwords of other users or fragments of other queries / results, which leads to authorization bypass and sensitive information disclosure. The bug has been patched in the following versions: Scylla Enterprise: 2020.1.14, 2021.1.12, 2022.1.0. Scylla Open Source: 4.6.7, 5.0.3. Users unable to upgrade should make sure none of their drivers connect to cluster using LZ4 compression, and that Scylla CQL port is behind firewall. Additionally make sure no untrusted client can connect to Scylla, by setting up authentication and applying workarounds from previous point (firewall, no lz4 compression).Show less
CVE-2022-2308 1Linux 1Linux Kernel Nov 21, 2024 Sep 1, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application....Show more A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.Show less
CVE-2022-32745 1Samba 1Samba Nov 21, 2024 Aug 25, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
CVE-2021-0887 1Google 1Android Nov 21, 2024 Aug 24, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User intera...Show more In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848817Show less
CVE-2021-0698 1Google 1Android Nov 21, 2024 Aug 24, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interacti...Show more In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848165Show less
CVE-2022-38668 1Crowcpp 1Crow Nov 21, 2024 Aug 22, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB.
CVE-2020-27795 1Radare 1Radare2 Nov 21, 2024 Aug 19, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction fcn = r_anal_get_fcn_in (core->ana...Show more A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).Show less

Previous 1...222324...38 Next