Total
505 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36452 | 1 Array-tools Project | 1 Array-tools | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. | |||||
| CVE-2021-3435 | 1 Zephyrproject | 1 Zephyr | 2022-07-08 | 2.1 LOW | 3.3 LOW |
| Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh | |||||
| CVE-2020-15523 | 3 Microsoft, Netapp, Python | 3 Windows, Snapcenter, Python | 2022-07-05 | 6.9 MEDIUM | 7.8 HIGH |
| In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | |||||
| CVE-2021-0495 | 1 Google | 1 Android | 2022-06-28 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459083 | |||||
| CVE-2021-0530 | 1 Google | 1 Android | 2022-06-28 | 4.6 MEDIUM | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196175 | |||||
| CVE-2021-0526 | 1 Google | 1 Android | 2022-06-28 | 4.6 MEDIUM | 7.8 HIGH |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195264 | |||||
| CVE-2021-0473 | 1 Google | 1 Android | 2022-06-28 | 8.3 HIGH | 8.8 HIGH |
| In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208 | |||||
| CVE-2022-25345 | 1 Discordjs | 1 Opus | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash. | |||||
| CVE-2019-5067 | 1 Aspose | 1 Aspose.pdf For C\+\+ | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. | |||||
| CVE-2022-31026 | 1 Trilogy Project | 1 Trilogy | 2022-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers. | |||||
| CVE-2022-29205 | 1 Google | 1 Tensorflow | 2022-06-02 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-20119 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
| In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A | |||||
| CVE-2022-20008 | 1 Google | 1 Android | 2022-05-16 | 2.1 LOW | 4.6 MEDIUM |
| In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel | |||||
| CVE-2022-26370 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-28488 | 1 Libwav Project | 1 Libwav | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability. | |||||
| CVE-2022-20096 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2022-05-11 | 2.1 LOW | 4.4 MEDIUM |
| In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003. | |||||
| CVE-2021-25905 | 1 Bra Project | 1 Bra | 2022-05-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory. | |||||
| CVE-2021-28033 | 1 Byte Struct Project | 1 Byte Struct | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics. | |||||
| CVE-2021-36282 | 1 Dell | 1 Emc Powerscale Onefs | 2022-05-03 | 2.1 LOW | 3.3 LOW |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions. | |||||
| CVE-2020-3964 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2022-05-03 | 1.9 LOW | 4.7 MEDIUM |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. | |||||