Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31919 | 1 Rkyv Project | 1 Rkyv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.
|
|||||
| CVE-2021-29980 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
|
|||||
| CVE-2021-29647 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
|
|||||
| CVE-2021-28687 | 1 Xen | 1 Xen | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them. When the "soft reset" feature was implemented, the libxl__domain_suspend_state structure didn't require any initialization or disposal. At some point later, an initialization function was introduced ...
Show More |
|||||
| CVE-2021-28167 | 1 Eclipse | 1 Openj9 | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.
|
|||||
| CVE-2021-26333 | 1 Amd | 2 Chipset Driver, Psp Driver | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
|
|||||
| CVE-2021-23994 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
|
|||||
| CVE-2021-23386 | 1 Dns-packet Project | 1 Dns-packet | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
|
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
|
|||||
| CVE-2021-22898 | 6 Debian, Fedoraproject, Haxx and 3 more | 12 Debian Linux, Fedora, Curl and 9 more | 2024-11-21 | 2.6 LOW | 3.1 LOW |
|
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
|
|||||
| CVE-2021-22482 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
There is an Uninitialized variable vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of invalid data.
|
|||||
| CVE-2021-1405 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process c ...
Show More |
|||||
| CVE-2021-0966 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-198346478
|
|||||
| CVE-2021-0961 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196046570References: Upstream kernel
|
|||||
| CVE-2021-0947 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on the heap, fills the contents of the buffer via TLServerDiscoverStreamsKM, and then copies the buffer to userspace. The method TLServerDiscoverStreamsKM may fail for several reasons including invalid sizes. If this method fails the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required.Product: AndroidVersions: Android SoCAndroid ID: ...
Show More |
|||||
| CVE-2021-0946 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace. The method PMR_PDumpSymbolicAddr may fail, and if it does the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required.Product: AndroidVersions: Android SoCAndroid ID: A-236846966
|
|||||
| CVE-2021-0484 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-173720767
|
|||||
| CVE-2020-9227 | 1 Huawei | 2 Moana-al00b, Moana-al00b Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions.
|
|||||
| CVE-2020-6792 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5.
|
|||||
| CVE-2020-25579 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.
|
|||||
| CVE-2020-24455 | 2 Fedoraproject, Tpm2 Software Stack Project | 2 Fedora, Tpm2 Software Stack | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.
|
|||||
| CVE-2020-20739 | 3 Debian, Fedoraproject, Libvips | 3 Debian Linux, Fedora, Libvips | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
|
|||||
| CVE-2020-1419 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426.
|
|||||
| CVE-2020-12523 | 1 Phoenixcontact | 18 Fl Mguard Rs4004 Tx\/dtx, Fl Mguard Rs4004 Tx\/dtx Firmware, Fl Mguard Rs4004 Tx\/dtx Vpn and 15 more | 2024-11-21 | 6.4 MEDIUM | 5.4 MEDIUM |
|
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource
|
|||||
| CVE-2020-12352 | 2 Bluez, Linux | 2 Bluez, Linux Kernel | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
|
|||||
| CVE-2020-11741 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 6.9 MEDIUM | 8.8 HIGH |
|
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head ...
Show More |
|||||
| CVE-2020-11494 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
|
|||||
| CVE-2020-0488 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158484516
|
|||||
| CVE-2020-0438 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320
|
|||||
| CVE-2020-0195 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144686961
|
|||||
| CVE-2020-0134 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146052771
|
|||||
| CVE-2020-0101 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096
|
|||||
| CVE-2019-9639 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
|
|||||
| CVE-2019-9321 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111208713
|
|||||
| CVE-2019-9320 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111761624
|
|||||
| CVE-2019-9319 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762100
|
|||||
| CVE-2019-9318 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764725
|
|||||
| CVE-2019-9317 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052258
|
|||||
| CVE-2019-9316 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052432
|
|||||
| CVE-2019-9315 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326216
|
|||||
| CVE-2019-9314 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112329563
|
|||||