CWE-908

752 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CVEs (752)

Columns: CVE, Vendors, Products, Updated, Published, CVSS
Vendors (1): Microsoft
Products (3): Windows 10, Windows Server 2016, Windows Server 2019
Updated: Nov 21, 2024
Published: Sep 11, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 2.1 LOW (v2)
An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
Vendors (1): Generator Rs Project
Products (1): Generator Rs
Updated: Nov 21, 2024
Published: Sep 9, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 7.8 HIGH (v2)
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls.
Vendors (1): Memoffset Project
Products (1): Memoffset
Updated: Nov 21, 2024
Published: Aug 26, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory.
Vendors (1): Claxon Project
Products (1): Claxon
Updated: Nov 21, 2024
Published: Aug 26, 2019
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2)
An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.
Vendors (2): Debian, Stb Vorbis Project
Products (2): Debian Linux, Stb Vorbis
Updated: Nov 21, 2024
Published: Aug 15, 2019
CVSS: N/A (v4), 7.1 HIGH (v3), 5.8 MEDIUM (v2)
Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.
Vendors (1): Mozilla
Products (2): Firefox, Thunderbird
Updated: Nov 25, 2025
Published: Jul 23, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
Vendors (1): Rust Lang
Products (1): Rust
Updated: Nov 21, 2024
Published: Jul 15, 2019
CVSS: N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2)
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.
Vendors (4): Canonical, Debian, Fedoraproject, +1 more
Products (4): Debian Linux, Fedora, Ubuntu Linux, +1 more
Updated: Nov 21, 2024
Published: Jul 11, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
Vendors (4): Canonical, Debian, Fedoraproject, +1 more
Products (4): Debian Linux, Fedora, Ubuntu Linux, +1 more
Updated: Nov 21, 2024
Published: Jul 11, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.
Vendors (1): Google
Products (1): Android
Updated: Nov 21, 2024
Published: Jul 8, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 2.1 LOW (v2)
In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-130161842.
Vendors (1): Google
Products (1): Android
Updated: Nov 21, 2024
Published: Jul 8, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116114182.
Vendors (1): Google
Products (1): Android
Updated: Nov 21, 2024
Published: Jul 8, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 2.1 LOW (v2)
In HIDL, safe_union, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131356202
Vendors (4): Canonical, Debian, F5, +1 more
Products (5): Big Ip Application Acceleration Manager, Big Ip Webaccelerator, Debian Linux, +2 more
Updated: Nov 21, 2024
Published: Jul 1, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
Vendors (6): Canonical, Debian, Fedoraproject, +3 more
Products (6): Debian Linux, Fedora, Leap, +3 more
Updated: May 28, 2026
Published: Jul 1, 2019
CVSS: N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2)
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Vendors (4): Debian, Fedoraproject, Google, +1 more
Products (5): Backports, Chrome, Debian Linux, +2 more
Updated: Nov 21, 2024
Published: Jun 27, 2019
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2)
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
Vendors (1): Google
Products (1): Chrome
Updated: Nov 21, 2024
Published: Jun 27, 2019
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2)
Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
Vendors (1): Google
Products (1): Android
Updated: Nov 21, 2024
Published: Jun 19, 2019
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.9 MEDIUM (v2)
In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal of InputTransport.cpp, there are uninitialized data leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-115739809
Vendors (8): Canonical, Debian, Fedoraproject, +5 more
Products (13): Debian Linux, Enterprise Linux, Fedora, +10 more
Updated: Nov 21, 2024
Published: Jun 19, 2019
CVSS: N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2)
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
Vendors (1): Artifex
Products (1): Mupdf
Updated: Nov 21, 2024
Published: Jun 13, 2019
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
Vendors (1): Ffmpeg
Products (1): Ffmpeg
Updated: Nov 21, 2024
Published: Jun 4, 2019
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.