Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35000 | 2024-09-18 | N/A | 3.3 LOW | ||
| OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-16112. | |||||
| CVE-2021-34999 | 2024-09-18 | N/A | 3.8 LOW | ||
| OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-14540. | |||||
| CVE-2024-7526 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-09-17 | N/A | 6.5 MEDIUM |
| ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-43458 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-09-17 | N/A | 7.7 HIGH |
| Windows Networking Information Disclosure Vulnerability | |||||
| CVE-2024-45615 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). | |||||
| CVE-2024-45616 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. | |||||
| CVE-2024-45617 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | |||||
| CVE-2024-45618 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-13 | N/A | 3.9 LOW |
| A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | |||||
| CVE-2024-38254 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-09-13 | N/A | 6.2 MEDIUM |
| Windows Authentication Information Disclosure Vulnerability | |||||
| CVE-2024-38256 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2024-09-13 | N/A | 5.5 MEDIUM |
| Windows Kernel-Mode Driver Information Disclosure Vulnerability | |||||
| CVE-2024-38257 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-09-13 | N/A | 7.5 HIGH |
| Microsoft AllJoyn API Information Disclosure Vulnerability | |||||
| CVE-2024-38260 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-09-13 | N/A | 8.8 HIGH |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
| CVE-2019-7321 | 1 Artifex | 1 Mupdf | 2024-09-11 | 7.5 HIGH | 9.8 CRITICAL |
| Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. | |||||
| CVE-2024-7868 | 1 Xpdfreader | 1 Xpdf | 2024-09-11 | N/A | 8.2 HIGH |
| In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address. | |||||
| CVE-2024-41059 | 1 Linux | 1 Linux Kernel | 2024-09-10 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750 vfs_listxattr fs/xattr.c:493 [inline] listxattr+0x1f3/0x6b0 fs/xattr.c:840 path_listxattr fs/xattr.c:864 [inline] __do_sys_listxattr fs/xattr.c:876 [inline] __se_sys_listxattr fs/xattr.c:873 [inline] __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873 x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3877 [inline] slab_alloc_node mm/slub.c:3918 [inline] kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065 kmalloc include/linux/slab.h:628 [inline] hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699 vfs_listxattr fs/xattr.c:493 [inline] listxattr+0x1f3/0x6b0 fs/xattr.c:840 path_listxattr fs/xattr.c:864 [inline] __do_sys_listxattr fs/xattr.c:876 [inline] __se_sys_listxattr fs/xattr.c:873 [inline] __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873 x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [Fix] When allocating memory to strbuf, initialize memory to 0. | |||||
| CVE-2024-44983 | 1 Linux | 1 Linux Kernel | 2024-09-10 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline] nf_ingress net/core/dev.c:5440 [inline] | |||||
| CVE-2024-8654 | 2024-09-10 | N/A | 5.0 MEDIUM | ||
| MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3. | |||||
| CVE-2024-38381 | 1 Linux | 1 Linux Kernel | 2024-09-09 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded. | |||||
| CVE-2023-46100 | 1 Openatom | 1 Openharmony | 2024-09-09 | N/A | 5.5 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. | |||||
| CVE-2024-8178 | 1 Freebsd | 1 Freebsd | 2024-09-06 | N/A | 8.8 HIGH |
| The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | |||||