Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CVEs (752)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-0340 1Google 1Android Nov 21, 2024 Sep 17, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed...Show more In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144901522Show less
CVE-2020-0321 1Google 1Android Nov 21, 2024 Sep 17, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitatio...Show more In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907Show less
CVE-2020-24753 1Objective Open Cbor Run Time Project 1Objective Open Cbor Run Time Nov 21, 2024 Sep 17, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor...Show more A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption.Show less
CVE-2020-16855 1Microsoft 1Office Feb 23, 2026 Sep 11, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 <p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully explo...Show more <p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.</p> <p>The security update addresses the vulnerability by properly initializing the affected variable.</p>Show less
CVE-2019-14052 1Qualcomm 51Apq8009 Firmware Apq8017 FirmwareApq8053 Firmware+48 more Nov 21, 2024 Sep 8, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdra...Show more u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130Show less
CVE-2020-14704 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Jul 15, 2020 N/A· v4 6.0 MEDIUM· v3 4.9 MEDIUM· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerabilit...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).Show less
CVE-2020-14703 2Opensuse Oracle 2Leap Vm Virtualbox Nov 21, 2024 Jul 15, 2020 N/A· v4 6.0 MEDIUM· v3 4.9 MEDIUM· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerabilit...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).Show less
CVE-2020-1342 1Microsoft 7365 Apps OfficeOffice Online Server+4 more Nov 21, 2024 Jul 14, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Dis...Show more An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.Show less
CVE-2020-15523 2Netapp Python 2Python Snapcenter Nov 21, 2024 Jul 4, 2020 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs...Show more In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.Show less
CVE-2020-3964 1Vmware 4Cloud Foundation EsxiFusion+1 more Nov 21, 2024 Jun 25, 2020 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the...Show more VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.Show less
CVE-2020-10732 4Canonical LinuxNetapp+1 more 19Active Iq Unified Manager Aff 8300 FirmwareAff 8700 Firmware+16 more Nov 21, 2024 Jun 12, 2020 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-0195 1Google 1Android Nov 21, 2024 Jun 11, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no...Show more In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144686961Show less
CVE-2020-13899 1Meetecho 1Janus Nov 21, 2024 Jun 10, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.
CVE-2020-1322 1Microsoft 3365 Apps OfficeProject Nov 21, 2024 Jun 9, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.
CVE-2020-1206 1Microsoft 2Windows 10 Windows Server 2016 Nov 21, 2024 Jun 9, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.
CVE-2020-13113 4Canonical DebianLibexif Project+1 more 4Debian Linux LeapLibexif+1 more Nov 21, 2024 May 21, 2020 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
CVE-2020-0101 1Google 1Android Nov 21, 2024 May 14, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is n...Show more In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096Show less
CVE-2020-10933 3Debian FedoraprojectRuby Lang 3Debian Linux FedoraRuby Nov 21, 2024 May 4, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the request...Show more An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.Show less
CVE-2020-2575 1Oracle 1Vm Virtualbox Nov 21, 2024 Apr 29, 2020 N/A· v4 7.5 HIGH· v3 4.4 MEDIUM· v2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerabili...Show more Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).Show less
CVE-2020-7451 1Freebsd 1Freebsd Nov 21, 2024 Apr 28, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or...Show more In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network.Show less

Previous 1...293031...38 Next