CWE-908
752 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
CVEs (752)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
5Canonical DebianFedoraproject+2 more8Chrome Debian LinuxEnterprise Linux Desktop+5 moreNov 21, 2024 Dec 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
4Debian FedoraprojectGoogle+1 more7Chrome Debian LinuxEnterprise Linux Desktop+4 moreNov 21, 2024 Dec 10, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4Debian LinuxOpensuse+1 more4Debian Linux LeapLinux Kernel+1 moreNov 21, 2024 Dec 3, 2019 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. |
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Hos...Show more |
1Qualcomm 36Mdm9206 Firmware Mdm9607 FirmwareMsm8909w Firmware+33 moreNov 21, 2024 Nov 6, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd...Show more |
2Canonical Linux2Linux Kernel Ubuntu LinuxNov 21, 2024 Nov 6, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. |
2Debian Openafs2Debian Linux OpenafsNov 21, 2024 Oct 29, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. |
2Debian Openafs2Debian Linux OpenafsNov 21, 2024 Oct 29, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. |
3Canonical DebianXmlsoft3Debian Linux LibxsltUbuntu LinuxMay 28, 2026 Oct 18, 2019 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and me...Show more |
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr...Show more |
2Debian Matio Project2Debian Linux MatioNov 21, 2024 Oct 13, 2019 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. |
2Canonical Nlnetlabs2Ubuntu Linux UnboundNov 21, 2024 Oct 3, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. |
In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for expl...Show more |
In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for expl...Show more |
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...Show more |
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...Show more |
In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitatio...Show more |
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...Show more |
In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitatio...Show more |
In libxaac, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product...Show more |