Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CVEs (752)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-45684 1Flumedb Project 1Flumedb Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations.
CVE-2021-45683 1Binjs Io Project 1Binjs Io Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations.
CVE-2021-45682 1Bronzedb Protocol Project 1Bronzedb Protocol Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations.
CVE-2020-36514 1Acc Reader Project 1Acc Reader Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations.
CVE-2020-36513 1Acc Reader Project 1Acc Reader Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.
CVE-2020-36512 1Buffoon Project 1Buffoon Nov 21, 2024 Dec 27, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.
CVE-2020-36511 1Bite Project 1Bite Nov 21, 2024 Dec 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations.
CVE-2018-25023 1Servo 1Smallvec Nov 21, 2024 Dec 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.
CVE-2021-40418 1Blackmagicdesign 1Davinci Resolve Nov 21, 2024 Dec 22, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the...Show more When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.Show less
CVE-2021-44003 1Siemens 2Jt2go Teamcenter Visualization Nov 21, 2024 Dec 14, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied T...Show more A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition.Show less
CVE-2021-41253 1Zyantific 1Zydis Nov 21, 2024 Nov 8, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom...Show more Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn't use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version.Show less
CVE-2021-41225 1Google 1Tensorflow Nov 21, 2024 Nov 5, 2021 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets opt...Show more TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.Show less
CVE-2021-3928 3Debian FedoraprojectVim 3Debian Linux FedoraVim Nov 21, 2024 Nov 5, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 vim is vulnerable to Use of Uninitialized Variable
CVE-2021-34855 1Parallels 1Parallels Desktop Nov 21, 2024 Oct 25, 2021 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the t...Show more This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13592.Show less
CVE-2021-0938 1Google 1Android Nov 21, 2024 Oct 25, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User inte...Show more In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernelShow less
CVE-2021-0634 1Google 1Android Nov 21, 2024 Oct 25, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitatio...Show more In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994.Show less
CVE-2021-36512 1Synchro 1Bulletin Board System Nov 21, 2024 Oct 19, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.
CVE-2021-1619 1Cisco 146Ios Xe Ios Xe Sd WanIos Xe Sd Wan 16.10.1 When Installed On 1000 Series Integrated Services+143 more Nov 21, 2024 Sep 23, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of t...Show more A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS.Show less
CVE-2021-29631 1Freebsd 1Freebsd Nov 21, 2024 Aug 30, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models...Show more In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process.Show less
CVE-2021-36007 1Adobe 1Prelude Nov 21, 2024 Aug 20, 2021 N/A· v4 3.3 LOW· v3 6.8 MEDIUM· v2 Adobe Prelude version 10.0 (and earlier) are affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary...Show more Adobe Prelude version 10.0 (and earlier) are affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less

Previous 1...252627...38 Next