Total
562 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32213 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-11-21 | 8.8 High |
| When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||
| CVE-2023-31275 | 1 Kingsoft | 1 Wps Office | 2024-11-21 | 8.8 High |
| An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-31192 | 1 Softether | 1 Vpn | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | ||||
| CVE-2023-22330 | 1 Intel | 176 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 173 more | 2024-11-21 | 6 Medium |
| Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-21276 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21233 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-40768 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | ||||
| CVE-2022-38668 | 1 Crowcpp | 1 Crow | 2024-11-21 | 7.5 High |
| HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. | ||||
| CVE-2022-35414 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 8.8 High |
| softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time. | ||||
| CVE-2022-34655 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 7.5 High |
| In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-34390 | 1 Dell | 4 Alienware Area-51 R4, Alienware Area-51 R4 Firmware, Alienware Area-51 R5 and 1 more | 2024-11-21 | 7.5 High |
| Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2022-34266 | 2 Amazon, Libtiff | 2 Linux 2, Libtiff | 2024-11-21 | 5.5 Medium |
| The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. | ||||
| CVE-2022-33716 | 1 Google | 1 Android | 2024-11-21 | 2.3 Low |
| An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. | ||||
| CVE-2022-32745 | 1 Samba | 1 Samba | 2024-11-21 | 8.1 High |
| A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | ||||
| CVE-2022-2308 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.5 Medium |
| A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. | ||||
| CVE-2022-28488 | 1 Libwav Project | 1 Libwav | 2024-11-21 | 7.5 High |
| The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability. | ||||
| CVE-2022-26437 | 1 Mediatek | 3 Mt2621, Mt2625, Nbiot Sdk | 2024-11-21 | 9.8 Critical |
| In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831. | ||||
| CVE-2022-26370 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 5.9 Medium |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-25737 | 1 Qualcomm | 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more | 2024-11-21 | 7.5 High |
| Information disclosure in modem due to missing NULL check while reading packets received from local network | ||||
| CVE-2022-25345 | 1 Discordjs | 1 Opus | 2024-11-21 | 7.5 High |
| All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash. | ||||