Total
582 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3475 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | 8.8 High |
| Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2009-2692 | 4 Debian, Linux, Redhat and 1 more | 11 Debian Linux, Linux Kernel, Enterprise Linux and 8 more | 2025-04-09 | 7.8 High |
| The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. | ||||
| CVE-2008-2934 | 3 Apple, Canonical, Mozilla | 3 Mac Os X, Ubuntu Linux, Firefox | 2025-04-09 | 8.8 High |
| Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. | ||||
| CVE-2009-0949 | 6 Apple, Canonical, Debian and 3 more | 8 Cups, Mac Os X, Mac Os X Server and 5 more | 2025-04-09 | 7.5 High |
| The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | ||||
| CVE-2023-32016 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | 5.5 Medium |
| Windows Installer Information Disclosure Vulnerability | ||||
| CVE-2023-38140 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more | 2025-04-08 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2022-47012 | 1 Solarwinds | 1 Dynamips | 2025-04-03 | 7.5 High |
| Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. | ||||
| CVE-2018-9377 | 1 Google | 1 Android | 2025-04-03 | 8.4 High |
| In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-21312 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-02 | 2.4 Low |
| Windows Smart Card Reader Information Disclosure Vulnerability | ||||
| CVE-2025-21220 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-04-02 | 7.5 High |
| Microsoft Message Queuing Information Disclosure Vulnerability | ||||
| CVE-2025-21288 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-04-02 | 6.5 Medium |
| Windows COM Server Information Disclosure Vulnerability | ||||
| CVE-2025-21272 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-04-02 | 6.5 Medium |
| Windows COM Server Information Disclosure Vulnerability | ||||
| CVE-2024-3862 | 1 Mozilla | 1 Firefox | 2025-03-31 | 5.3 Medium |
| The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125. | ||||
| CVE-2025-1942 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-28 | 9.8 Critical |
| When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136. | ||||
| CVE-2025-27810 | 2025-03-27 | 5.4 Medium | ||
| Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays. | ||||
| CVE-2023-22281 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2025-03-26 | 7.5 High |
| On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-11364 | 1 Rockwellautomation | 1 Arena | 2025-03-20 | 7.3 High |
| Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | ||||
| CVE-2024-29780 | 1 Google | 1 Android | 2025-03-18 | 5.5 Medium |
| In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29785 | 1 Google | 1 Android | 2025-03-18 | 5.5 Medium |
| In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-32910 | 1 Google | 1 Android | 2025-03-13 | 5.5 Medium |
| In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||