Total
301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11323 | 1 Haproxy | 1 Haproxy | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error. | |||||
| CVE-2018-6132 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. | |||||
| CVE-2019-13135 | 4 Canonical, Debian, F5 and 1 more | 5 Ubuntu Linux, Debian Linux, Big-ip Application Acceleration Manager and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. | |||||
| CVE-2019-11038 | 8 Canonical, Debian, Fedoraproject and 5 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. | |||||
| CVE-2019-16144 | 1 Generator-rs Project | 1 Generator-rs | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. | |||||
| CVE-2019-1010317 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b. | |||||
| CVE-2019-1010319 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. | |||||
| CVE-2018-20992 | 1 Claxon Project | 1 Claxon | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled. | |||||
| CVE-2018-20029 | 3 Dokan-dev, Microsoft, Nomachine | 3 Dokanfs, Windows 10, Nomachine | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read. | |||||
| CVE-2018-15911 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | |||||
| CVE-2018-9499 | 1 Google | 1 Android | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474 | |||||
| CVE-2018-12011 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure. | |||||
| CVE-2018-14551 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption. | |||||
| CVE-2018-8378 | 1 Microsoft | 9 Excel Viewer, Office, Office Compatibility Pack and 6 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office. | |||||
| CVE-2018-3975 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution. | |||||
| CVE-2018-7166 | 1 Nodejs | 1 Node.js | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information. | |||||
| CVE-2018-19626 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. | |||||
| CVE-2018-9557 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357. | |||||
| CVE-2018-6982 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2023-12-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest. | |||||
| CVE-2018-8627 | 1 Microsoft | 6 Excel, Excel Viewer, Office and 3 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598. | |||||