CWE-908
752 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
CVEs (752)
| Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|
| 1: Mozilla | 3: Firefox, Firefox Esr, Thunderbird | Nov 21, 2024 | Apr 24, 2020 | v4 N/A · v3 7.5 HIGH · v2 5.0 MEDIUM | When reading from areas partially or fully outside the source resource with WebGL's `copyTexSubImage` method, the specification requires the returned values be zero. Previously, this memory was uninitialized,... |
| | | | | | In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to... |
| | | | | | An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019). |
| 4: Debian, Fedoraproject, Google, +1 more | 5: Backports Sle, Chrome, Debian Linux, +2 more | Nov 21, 2024 | Apr 13, 2020 | v4 N/A · v3 6.3 MEDIUM · v2 6.8 MEDIUM | Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 4: Canonical, Debian, Linux, +1 more | 4: Debian Linux, Leap, Linux Kernel, +1 more | Nov 21, 2024 | Apr 2, 2020 | v4 N/A · v3 4.4 MEDIUM · v2 2.1 LOW | An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel st... |
| 6: Apache, Canonical, Debian, +3 more | 11: Communications Element Manager, Communications Session Report Manager, Communications Session Route Manager, +8 more | Nov 21, 2024 | Apr 1, 2020 | v4 N/A · v3 5.3 MEDIUM · v2 5.0 MEDIUM | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. |
| | | | | | An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which... |
| | | | | | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019). |
| | | | | | In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User intera... |
| | | | | | In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction i... |
| 1: Qualcomm | 20: Apq8009 Firmware, Apq8053 Firmware, Mdm9607 Firmware, +17 more | Nov 21, 2024 | Mar 5, 2020 | v4 N/A · v3 7.8 HIGH · v2 7.2 HIGH | Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consu... |
| | | | | | When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. |
| 2: Canonical, Mozilla | 2: Thunderbird, Ubuntu Linux | Nov 21, 2024 | Mar 2, 2020 | v4 N/A · v3 4.3 MEDIUM · v2 4.3 MEDIUM | When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. |
| 3: Fedoraproject, Openfortivpn Project, Opensuse | 4: Backports Sle, Fedora, Leap, +1 more | Nov 21, 2024 | Feb 27, 2020 | v4 N/A · v3 5.3 MEDIUM · v2 5.0 MEDIUM | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid ce... |
| 6: Debian, Fedoraproject, Google, +3 more | 8: Backports Sle, Chrome, Debian Linux, +5 more | Nov 21, 2024 | Feb 11, 2020 | v4 N/A · v3 8.8 HIGH · v2 6.8 MEDIUM | Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| 1: Qualcomm | 6: Qcs605 Firmware, Sdm439 Firmware, Sdm630 Firmware, +3 more | Nov 21, 2024 | Feb 7, 2020 | v4 N/A · v3 7.8 HIGH · v2 7.2 HIGH | Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24 |
| | | | | | In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User i... |
| | | | | | In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no addition... |
| 4: Canonical, Debian, Linux, +1 more | 13: Active Iq Unified Manager, Aff Baseboard Management Controller, Cloud Backup, +10 more | Nov 21, 2024 | Dec 24, 2019 | v4 N/A · v3 4.6 MEDIUM · v2 2.1 LOW | In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. |
| 1: Microsoft | 3: Office, Office 365 Proplus, Powerpoint | Nov 21, 2024 | Dec 10, 2019 | v4 N/A · v3 7.8 HIGH · v2 9.3 HIGH | A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. |