Filtered by CWE-908
Filtered by vendor Subscriptions
Total 586 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-49718 1 Microsoft 2 Sql Server 2019, Sql Server 2022 2025-07-18 7.5 High
Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.
CVE-2024-26644 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-07-17 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl refers to a deleted subvolume, we get the following abort: BTRFS: Transaction aborted (error -2) WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs] Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs] RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027 RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840 RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998 R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80 FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0 Call Trace: <TASK> ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? __warn+0x81/0x130 ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? report_bug+0x171/0x1a0 ? handle_bug+0x3a/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? create_pending_snapshot+0x1040/0x1190 [btrfs] create_pending_snapshots+0x92/0xc0 [btrfs] btrfs_commit_transaction+0x66b/0xf40 [btrfs] btrfs_mksubvol+0x301/0x4d0 [btrfs] btrfs_mksnapshot+0x80/0xb0 [btrfs] __btrfs_ioctl_snap_create+0x1c2/0x1d0 [btrfs] btrfs_ioctl_snap_create_v2+0xc4/0x150 [btrfs] btrfs_ioctl+0x8a6/0x2650 [btrfs] ? kmem_cache_free+0x22/0x340 ? do_sys_openat2+0x97/0xe0 __x64_sys_ioctl+0x97/0xd0 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7fe20abe83af RSP: 002b:00007ffe6eff1360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe20abe83af RDX: 00007ffe6eff23c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fe20ad16cd0 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe6eff13c0 R14: 00007fe20ad45000 R15: 0000559a120b6d58 </TASK> ---[ end trace 0000000000000000 ]--- BTRFS: error (device vdc: state A) in create_pending_snapshot:1875: errno=-2 No such entry BTRFS info (device vdc: state EA): forced readonly BTRFS warning (device vdc: state EA): Skipping commit of aborted transaction. BTRFS: error (device vdc: state EA) in cleanup_transaction:2055: errno=-2 No such entry This happens because create_pending_snapshot() initializes the new root item as a copy of the source root item. This includes the refs field, which is 0 for a deleted subvolume. The call to btrfs_insert_root() therefore inserts a root with refs == 0. btrfs_get_new_fs_root() then finds the root and returns -ENOENT if refs == 0, which causes create_pending_snapshot() to abort. Fix it by checking the source root's refs before attempting the snapshot, but after locking subvol_sem to avoid racing with deletion.
CVE-2025-5777 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-07-17 7.5 High
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CVE-2024-12085 8 Almalinux, Archlinux, Gentoo and 5 more 28 Almalinux, Arch Linux, Linux and 25 more 2025-07-16 7.5 High
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
CVE-2025-41239 2025-07-15 7.1 High
VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.
CVE-2025-29958 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-15 6.5 Medium
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29830 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-15 6.5 Medium
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29829 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-07-15 5.5 Medium
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
CVE-2025-29959 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-15 6.5 Medium
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2024-11364 2 Microsoft, Rockwellautomation 2 Windows, Arena 2025-07-11 7.3 High
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVE-2024-13164 1 Ivanti 1 Endpoint Manager 2025-07-11 7.8 High
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
CVE-2025-33070 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-11 8.1 High
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-33052 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2025-07-11 5.5 Medium
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2018-9378 1 Google 1 Android 2025-07-10 6.2 Medium
In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-24941 1 Microsoft 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more 2025-07-10 9.8 Critical
Windows Network File System Remote Code Execution Vulnerability
CVE-2024-38122 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-10 5.5 Medium
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2024-38118 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-10 5.5 Medium
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2025-27474 1 Microsoft 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more 2025-07-08 6.5 Medium
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2024-49029 1 Microsoft 4 365 Apps, Excel, Office and 1 more 2025-07-08 7.8 High
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-43537 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-07-08 6.5 Medium
Windows Mobile Broadband Driver Denial of Service Vulnerability