Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CVEs (752)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-20357 1Google 1Android Nov 21, 2024 Aug 10, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interacti...Show more In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-214999987Show less
CVE-2022-33716 1Google 1Android Nov 21, 2024 Aug 5, 2022 N/A· v4 4.4 MEDIUM· v3 N/A· v2 An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.
CVE-2022-34655 1F5 11Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more Nov 21, 2024 Aug 4, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Man...Show more In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
CVE-2022-26437 1Mediatek 1Nbiot Sdk Nov 21, 2024 Aug 1, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo...Show more In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831.Show less
CVE-2022-34266 1Libtiff 1Libtiff Sep 30, 2025 Jul 19, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file,...Show more The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.Show less
CVE-2022-35414 2Debian Qemu 2Debian Linux Qemu Nov 21, 2024 Jul 11, 2022 N/A· v4 8.8 HIGH· v3 6.1 MEDIUM· v2 softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu...Show more softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time.Show less
CVE-2021-3435 1Zephyrproject 1Zephyr Nov 21, 2024 Jun 28, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rq...Show more Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqhShow less
CVE-2021-40608 1Gpac 1Gpac Nov 21, 2024 Jun 28, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2022-25345 1Discordjs 1Opus Nov 21, 2024 Jun 17, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.
CVE-2022-20176 1Google 1Android Nov 21, 2024 Jun 15, 2022 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction i...Show more In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197787879References: N/AShow less
CVE-2022-31026 1Trilogy Project 1Trilogy Nov 21, 2024 Jun 9, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized va...Show more Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.Show less
CVE-2022-29205 1Google 1Tensorflow Nov 21, 2024 May 20, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.` ops which don'...Show more TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.Show less
CVE-2022-20119 1Google 1Android Nov 21, 2024 May 10, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User int...Show more In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/AShow less
CVE-2022-20008 1Google 1Android Nov 21, 2024 May 10, 2022 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no ad...Show more In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernelShow less
CVE-2022-26370 1F5 11Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+8 more Nov 21, 2024 May 5, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (...Show more On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedShow less
CVE-2022-28488 1Libwav Project 1Libwav Nov 21, 2024 May 4, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability.
CVE-2022-20096 1Google 1Android Nov 21, 2024 May 3, 2022 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Pa...Show more In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003.Show less
CVE-2021-41041 2Eclipse Oracle 2Java Se Openj9 Nov 21, 2024 Apr 27, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoke...Show more In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.Show less
CVE-2022-20079 1Google 1Android Nov 21, 2024 Apr 11, 2022 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploi...Show more In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289.Show less
CVE-2022-0494 2Debian Linux 2Debian Linux Linux Kernel Nov 21, 2024 Mar 25, 2022 N/A· v4 4.4 MEDIUM· v3 4.9 MEDIUM· v2 A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO)...Show more A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.Show less

Previous 1...232425...38 Next