Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CVEs (752)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-0433 2Fedoraproject Linux 2Fedora Linux Kernel Nov 21, 2024 Mar 10, 2022 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw...Show more A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.Show less
CVE-2021-21966 1Ti 3Cc3100 Firmware Cc3200 FirmwareSimplelink Cc32xx Software Development Kit Nov 21, 2024 Feb 16, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read....Show more An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2022-0115 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Feb 12, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2021-39671 1Google 1Android Nov 21, 2024 Feb 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interactio...Show more In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630Show less
CVE-2022-23573 1Google 1Tensorflow Nov 21, 2024 Feb 4, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check...Show more Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.Show less
CVE-2022-24448 2Debian Linux 2Debian Linux Linux Kernel Nov 21, 2024 Feb 4, 2022 N/A· v4 3.3 LOW· v3 1.9 LOW· v2 An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is...Show more An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.Show less
CVE-2021-43848 1Dena 1H2o Nov 21, 2024 Feb 1, 2022 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misgui...Show more h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state of h2o to backend servers controlled by the attacker or third party. Also, if there is an HTTP endpoint that reflects the traffic sent from the client, an attacker can use that reflector to obtain internal state of h2o. This internal state includes traffic of other connections in unencrypted form and TLS session tickets. This vulnerability exists in h2o server with HTTP/3 support, between commit 93af138 and d1f0f65. None of the released versions of h2o are affected by this vulnerability. There are no known workarounds. Users of unreleased versions of h2o using HTTP/3 are advised to upgrade immediately.Show less
CVE-2021-39680 1Google 1Android Nov 21, 2024 Jan 14, 2022 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is...Show more In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197965864References: N/AShow less
CVE-2022-20018 1Google 1Android Nov 21, 2024 Jan 4, 2022 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploita...Show more In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018.Show less
CVE-2022-20015 1Google 1Android Nov 21, 2024 Jan 4, 2022 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for ex...Show more In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862966; Issue ID: ALPS05862966.Show less
CVE-2021-45703 1Tectonic Xdv Project 1Tectonic Xdv Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.
CVE-2021-45694 1Rdiff Project 1Rdiff Nov 21, 2024 Dec 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations.
CVE-2021-45693 1Messagepack Rs Project 1Messagepack Rs Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.
CVE-2021-45692 1Messagepack Rs Project 1Messagepack Rs Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.
CVE-2021-45691 1Messagepack Rs Project 1Messagepack Rs Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.
CVE-2021-45690 1Messagepack Rs Project 1Messagepack Rs Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.
CVE-2021-45689 1Gfx Auxil Project 1Gfx Auxil Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations.
CVE-2021-45688 1Ash Rs 1Ash Sep 30, 2025 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
CVE-2021-45686 1Csv Sniffer Project 1Csv Sniffer Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations.
CVE-2021-45685 1Columnar Project 1Columnar Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations.

Previous 1...242526...38 Next