Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45682 | 1 Bronzedb-protocol Project | 1 Bronzedb-protocol | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations. | |||||
| CVE-2021-45683 | 1 Binjs Io Project | 1 Binjs Io | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations. | |||||
| CVE-2021-45703 | 1 Tectonic Xdv Project | 1 Tectonic Xdv | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations. | |||||
| CVE-2021-39680 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197965864References: N/A | |||||
| CVE-2021-45684 | 1 Flumedb Project | 1 Flumedb | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations. | |||||
| CVE-2021-34855 | 1 Parallels | 1 Parallels Desktop | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13592. | |||||
| CVE-2020-36514 | 1 Acc Reader Project | 1 Acc Reader | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations. | |||||
| CVE-2020-36513 | 1 Acc Reader Project | 1 Acc Reader | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations. | |||||
| CVE-2022-23573 | 1 Google | 1 Tensorflow | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2021-43848 | 1 Dena | 1 H2o | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state of h2o to backend servers controlled by the attacker or third party. Also, if there is an HTTP endpoint that reflects the traffic sent from the client, an attacker can use that reflector to obtain internal state of h2o. This internal state includes traffic of other connections in unencrypted form and TLS session tickets. This vulnerability exists in h2o server with HTTP/3 support, between commit 93af138 and d1f0f65. None of the released versions of h2o are affected by this vulnerability. There are no known workarounds. Users of unreleased versions of h2o using HTTP/3 are advised to upgrade immediately. | |||||
| CVE-2018-25023 | 1 Servo | 1 Smallvec | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type. | |||||
| CVE-2021-45688 | 1 Ash Project | 1 Ash | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations. | |||||
| CVE-2021-40418 | 1 Blackmagicdesign | 1 Davinci Resolve | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application. | |||||
| CVE-2020-36511 | 1 Bite Project | 1 Bite | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations. | |||||
| CVE-2021-45689 | 1 Gfx-auxil Project | 1 Gfx-auxil | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations. | |||||
| CVE-2021-45692 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations. | |||||
| CVE-2021-45685 | 1 Columnar Project | 1 Columnar | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations. | |||||
| CVE-2021-0634 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994. | |||||
| CVE-2021-41225 | 1 Google | 1 Tensorflow | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41253 | 1 Zyantific | 1 Zydis | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn't use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version. | |||||