Total
403 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20357 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-214999987 | |||||
CVE-2022-32745 | 1 Samba | 1 Samba | 2024-02-28 | N/A | 8.1 HIGH |
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | |||||
CVE-2022-32615 | 2 Google, Mediatek | 4 Android, Mt6983, Mt8871 and 1 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559. | |||||
CVE-2022-31026 | 1 Trilogy Project | 1 Trilogy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers. | |||||
CVE-2022-28488 | 1 Libwav Project | 1 Libwav | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability. | |||||
CVE-2022-26370 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
CVE-2021-3435 | 1 Zephyrproject | 1 Zephyr | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh | |||||
CVE-2022-20096 | 2 Google, Mediatek | 13 Android, Mt6765, Mt6768 and 10 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003. | |||||
CVE-2022-20079 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289. | |||||
CVE-2022-20176 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197787879References: N/A | |||||
CVE-2022-0494 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 4.4 MEDIUM |
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. | |||||
CVE-2022-25345 | 1 Discordjs | 1 Opus | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash. | |||||
CVE-2022-20119 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A | |||||
CVE-2021-39671 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630 | |||||
CVE-2022-0115 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
CVE-2022-29205 | 1 Google | 1 Tensorflow | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
CVE-2022-20008 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel | |||||
CVE-2021-40608 | 1 Gpac | 1 Gpac | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||||
CVE-2021-21966 | 1 Ti | 15 Cc3100, Cc3100 Firmware, Cc3120 and 12 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-45693 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations. |