Total
403 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26305 | 1 Cdr Project | 1 Cdr | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness. | |||||
CVE-2021-0463 | 1 Google | 1 Android | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154867068 | |||||
CVE-2020-35893 | 1 Simple-slab Project | 1 Simple-slab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. | |||||
CVE-2020-26148 | 1 Md4c Project | 1 Md4c | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. | |||||
CVE-2020-36210 | 1 Autorand Project | 1 Autorand | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. | |||||
CVE-2021-26953 | 1 Postscript Project | 1 Postscript | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation. | |||||
CVE-2020-16985 | 1 Microsoft | 1 Azure Sphere | 2024-02-28 | 2.1 LOW | 6.2 MEDIUM |
Azure Sphere Information Disclosure Vulnerability | |||||
CVE-2020-15989 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
CVE-2021-26952 | 1 Ms3d Project | 1 Ms3d | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read. | |||||
CVE-2020-0361 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In libDRCdec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151927433 | |||||
CVE-2021-28035 | 1 Stack Dst Project | 1 Stack Dst | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic. | |||||
CVE-2020-35888 | 1 Arr Project | 1 Arr | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. | |||||
CVE-2020-35878 | 1 Ozone Project | 1 Ozone | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. | |||||
CVE-2020-0195 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144686961 | |||||
CVE-2020-14704 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-02-28 | 4.9 MEDIUM | 6.0 MEDIUM |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | |||||
CVE-2020-0321 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907 | |||||
CVE-2020-0340 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144901522 | |||||
CVE-2020-3964 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. | |||||
CVE-2020-13899 | 1 Meetecho | 1 Janus | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory. | |||||
CVE-2020-0101 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096 |