ReportizFlow
Filtered by vendor
Subscriptions
Total
755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39491 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance The cs_dsp instance is initialized in the driver probe() so it should be freed in the driver remove(). Also fix a missing call to cs_dsp_remove() in the error path of cs35l56_hda_common_probe(). The call to cs_dsp_remove() was being done in the component unbind callback cs35l56_hda_unbind(). This meant that if the driver was unbound and then re-bound it would be using an uninitialized cs_dsp instance. It is best to initialize the cs_dsp instance in probe() so that it can return an error if it fails. The component binding API doesn't have any error handling so there's no way to handle a failure if cs_dsp was initialized in the bind. | ||||
| CVE-2025-36893 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-23137 | 1 Autodesk | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-28 | 7.8 High |
| A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. | ||||
| CVE-2024-8896 | 1 Autodesk | 14 Advance Steel, Autocad, Autocad Advance Steel and 11 more | 2025-08-26 | 7.8 High |
| A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-55198 | 1 Helm | 1 Helm | 2025-08-22 | 6.5 Medium |
| Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm. | ||||
| CVE-2021-34999 | 1 Openbsd | 1 Openbsd | 2025-08-14 | 5.5 Medium |
| OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-14540. | ||||
| CVE-2021-35000 | 1 Openbsd | 1 Openbsd | 2025-08-14 | N/A |
| OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-16112. | ||||
| CVE-2025-26803 | 1 Phusion | 1 Passenger | 2025-07-13 | 5.3 Medium |
| The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method. | ||||
| CVE-2024-11364 | 2 Microsoft, Rockwellautomation | 2 Windows, Arena | 2025-07-11 | 7.3 High |
| Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | ||||
| CVE-2018-9378 | 1 Google | 1 Android | 2025-07-10 | 6.2 Medium |
| In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-24941 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2025-07-10 | 9.8 Critical |
| Windows Network File System Remote Code Execution Vulnerability | ||||
| CVE-2024-38122 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | 5.5 Medium |
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | ||||
| CVE-2024-38118 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | 5.5 Medium |
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | ||||
| CVE-2024-49029 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-07-08 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2024-43537 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-08 | 6.5 Medium |
| Windows Mobile Broadband Driver Denial of Service Vulnerability | ||||
| CVE-2024-43502 | 1 Microsoft | 4 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 1 more | 2025-07-08 | 7.1 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-36022 | 1 Redhat | 1 Enterprise Linux | 2025-06-19 | 4.4 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-43845 | 1 Linux | 1 Linux Kernel | 2025-06-19 | 3.3 Low |
| In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udf_fiiter_write_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation. | ||||
| CVE-2023-42797 | 1 Siemens | 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more | 2025-06-03 | 6.6 Medium |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup. | ||||
| CVE-2023-32213 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-05-27 | 8.8 High |
| When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||