Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-40418

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-22 Dec, 2021 | 18:07
Updated At-04 Aug, 2024 | 02:44
Rejected At-
Credits

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:22 Dec, 2021 | 18:07
Updated At:04 Aug, 2024 | 02:44
Rejected At:
▼CVE Numbering Authority (CNA)

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.

Affected Products
Vendor
n/a
Product
Blackmagic Design
Versions
Affected
  • Blackmagic Design DaVinci Resolve 17.3.1.0005
Problem Types
TypeCWE IDDescription
CWECWE-457CWE-457: Use of Uninitialized Variable
Type: CWE
CWE ID: CWE-457
Description: CWE-457: Use of Uninitialized Variable
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427
x_refsource_MISC
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427
x_refsource_MISC
x_transferred
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:22 Dec, 2021 | 19:15
Updated At:03 Sep, 2022 | 03:30

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
blackmagicdesign
blackmagicdesign
>>davinci_resolve>>17.3.1.0005
cpe:2.3:a:blackmagicdesign:davinci_resolve:17.3.1.0005:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-908Primarynvd@nist.gov
CWE-457Secondarytalos-cna@cisco.com
CWE ID: CWE-908
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-457
Type: Secondary
Source: talos-cna@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427talos-cna@cisco.com
Exploit
Third Party Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427
Source: talos-cna@cisco.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

66Records found
CVE-2021-40417
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 81.71%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 18:07
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application.

Action-Not Available
Vendor-blackmagicdesignn/a
Product-davinci_resolveBlackmagic Design
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-57441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.32%
||
7 Day CHG+0.05%
Published-22 Sep, 2025 | 00:00
Updated-17 Oct, 2025 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuration, input/output labels, device model, and even internal identifiers such as the unique ID. This can be used for reconnaissance and planning further attacks.

Action-Not Available
Vendor-blackmagicdesignn/a
Product-atem_mini_proatem_mini_pro_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-57432
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 59.49%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 00:00
Updated-14 Oct, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface.

Action-Not Available
Vendor-blackmagicdesignn/a
Product-web_presenter_hd_firmwareweb_presenter_4kweb_presenter_hdweb_presenter_4k_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-57437
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.32%
||
7 Day CHG+0.05%
Published-22 Sep, 2025 | 00:00
Updated-10 Oct, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: - Model, version, and unique identifiers - Network settings including IP, MAC, DNS - Current stream platform, stream key, and streaming URL - Audio/video configuration This data can be used to hijack live streams or perform network reconnaissance.

Action-Not Available
Vendor-blackmagicdesignn/a
Product-web_presenter_hd_firmwareweb_presenter_hdn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-12730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.42% / 85.40%
||
7 Day CHG~0.00%
Published-04 Jun, 2019 | 13:14
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2018-5095
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.17% / 91.00%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxubuntu_linuxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-26437
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 81.17%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 13:55
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt2625nbiot_sdkmt2621MT2621, MT2625
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-29934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.35% / 57.71%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 04:24
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.

Action-Not Available
Vendor-uu_od_projectn/a
Product-uu_odn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-29937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 67.12%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 04:23
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size().

Action-Not Available
Vendor-telemetry_projectn/a
Product-telemetryn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-29936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 66.52%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 04:23
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.

Action-Not Available
Vendor-adtensor_projectn/a
Product-adtensorn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-28035
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 08:39
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic.

Action-Not Available
Vendor-stack_dst_projectn/a
Product-stack_dstn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2018-14551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.94%
||
7 Day CHG~0.00%
Published-23 Jul, 2018 | 08:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-26951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 66.52%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 22:07
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.

Action-Not Available
Vendor-calamine_projectn/a
Product-calaminen/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-26305
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 66.52%
||
7 Day CHG~0.00%
Published-29 Jan, 2021 | 02:27
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.

Action-Not Available
Vendor-cdr_projectn/a
Product-cdrn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-6748
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.43%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:40
Updated-27 May, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uninitialized memory in the Audio/Video: Web Codecs component

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2022-21217
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-0.44% / 63.40%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:10
Updated-15 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-27796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.07% / 20.25%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 00:00
Updated-29 Jan, 2026 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

Action-Not Available
Vendor-GraphicsMagick
Product-graphicsmagickGraphicsMagick
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45683
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:52
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations.

Action-Not Available
Vendor-binjs_io_projectn/a
Product-binjs_ion/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45688
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:51
Updated-30 Sep, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.

Action-Not Available
Vendor-ash-rsn/a
Product-ashn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 62.20%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations.

Action-Not Available
Vendor-gfx-auxil_projectn/a
Product-gfx-auxiln/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45690
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 62.20%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.

Action-Not Available
Vendor-messagepack-rs_projectn/a
Product-messagepack-rsn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45686
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:44
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations.

Action-Not Available
Vendor-csv-sniffer_projectn/a
Product-csv-sniffern/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45684
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 62.20%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:52
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations.

Action-Not Available
Vendor-flumedb_projectn/a
Product-flumedbn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 62.34%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.

Action-Not Available
Vendor-messagepack-rs_projectn/a
Product-messagepack-rsn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:48
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.

Action-Not Available
Vendor-tectonic_xdv_projectn/a
Product-tectonic_xdvn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45685
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:52
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations.

Action-Not Available
Vendor-columnar_projectn/a
Product-columnarn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.

Action-Not Available
Vendor-messagepack-rs_projectn/a
Product-messagepack-rsn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-45682
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:52
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations.

Action-Not Available
Vendor-bronzedb-protocol_projectn/a
Product-bronzedb-protocoln/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2018-25014
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 63.65%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 16:27
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

Action-Not Available
Vendor-webmprojectn/aRed Hat, Inc.
Product-libwebpenterprise_linuxlibwebp
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-1619
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 75.55%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:30
Updated-07 Nov, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1c_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.9.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1d_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.11.1a_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1b_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.6_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1b1_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.5_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.9.3_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1d_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.5_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1b_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.9.3_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1a_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.6_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1s_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.4_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.11.1b_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.3_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.2_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1b_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.5_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.4_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.2_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.2_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.4_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.11.1b_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.3a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1c_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.3_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1b_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.5_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.3_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1c_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.5_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3b_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.5_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.11.1a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.5_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.10.2_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1d_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.4_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.4_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.2r_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.10.3b_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1b1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1b_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b1_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1e_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.4_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.9.2_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.4a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1d_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.6_when_installed_on_integrated_services_virtualios_xe_sd-wanios_xe_sd-wan_16.9.2_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1d_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.1d_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.2_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1b_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.9.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1c_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.5_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.4_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1a_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1s_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1c_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.4a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3b_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.4_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1f_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1s_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.4_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.5_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.11.1d_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.6_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.4_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.4_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.11.1s_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.5_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1b1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1b1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1c_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.3_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1d_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.4a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.3_when_installed_on_1000_series_integrated_servicesios_xeios_xe_sd-wan_16.10.2_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.4_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.5_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.2r_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1a_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1s_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.11.1b_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.3b_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.9.4_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.6_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.9.3_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.4_when_installed_on_4000_series_integrated_servicesCisco IOS XE Software
CWE ID-CWE-824
Access of Uninitialized Pointer
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-28033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 71.13%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 08:38
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.

Action-Not Available
Vendor-byte_struct_projectn/a
Product-byte_structn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-1942
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.81%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 13:31
Updated-04 Jun, 2026 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disclosure of uninitialized memory when .toUpperCase() causes string to get longer

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2015-8390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.87% / 86.55%
||
7 Day CHG~0.00%
Published-02 Dec, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Action-Not Available
Vendor-pcren/aThe PHP GroupFedora Project
Product-perl_compatible_regular_expression_libraryphpfedoran/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2015-3414
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.94% / 92.21%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Action-Not Available
Vendor-sqliten/aCanonical Ltd.Apple Inc.The PHP GroupDebian GNU/Linux
Product-debian_linuxubuntu_linuxphpmac_os_xsqlitewatchosn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-10934
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-9.2||CRITICAL
EPSS-0.27% / 50.56%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 19:20
Updated-02 Oct, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenBSD NFS double-free vulnerability

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

Action-Not Available
Vendor-OpenBSD
Product-openbsdOpenBSDopenbsd
CWE ID-CWE-415
Double Free
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2021-45693
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:50
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.

Action-Not Available
Vendor-messagepack-rs_projectn/a
Product-messagepack-rsn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-4489
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-6.4||MEDIUM
EPSS-0.69% / 72.23%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 23:00
Updated-21 May, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Z/IP Gateway Use of Uninitialized PRNG when Generating S0 Encryption Key

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.

Action-Not Available
Vendor-silabssilabs.com
Product-z\/ip_gateway_sdkZ/IP Gateway SDK
CWE ID-CWE-1279
Cryptographic Operations are run Before Supporting Units are Ready
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2012-1891
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-58.98% / 98.26%
||
7 Day CHG~0.00%
Published-10 Jul, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpdata_access_componentswindows_data_access_componentswindows_server_2003n/adata_access_componentswindows_data_access_components
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-1104
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 68.87%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 15:40
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service.

Action-Not Available
Vendor-risc-vRISCV.org
Product-instruction_set_manualMachine Trap Base Address (MTVEC) Register
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-8654
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-5||MEDIUM
EPSS-0.45% / 64.12%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 13:35
Updated-22 Sep, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MongoDB Server may access non-initialized region of memory leading to unexpected behaviour

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.

Action-Not Available
Vendor-MongoDB, Inc.
Product-mongodbMongoDB Server
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-36452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 70.08%
||
7 Day CHG~0.00%
Published-08 Aug, 2021 | 05:15
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory.

Action-Not Available
Vendor-array-tools_projectn/a
Product-array-toolsn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-36443
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-08 Aug, 2021 | 05:17
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.

Action-Not Available
Vendor-libp2pn/a
Product-libp2p-deflaten/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-36514
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:53
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations.

Action-Not Available
Vendor-acc_reader_projectn/a
Product-acc_readern/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-36617
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.6||MEDIUM
EPSS-0.40% / 61.03%
||
7 Day CHG~0.00%
Published-18 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ewxrjk sftpserver parse.c sftp_parse_path uninitialized pointer

A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.

Action-Not Available
Vendor-greenendewxrjk
Product-sftpserversftpserver
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-36512
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:53
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.

Action-Not Available
Vendor-buffoon_projectn/a
Product-buffoonn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-36513
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:53
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.

Action-Not Available
Vendor-acc_reader_projectn/a
Product-acc_readern/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-36432
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-08 Aug, 2021 | 05:19
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new().

Action-Not Available
Vendor-alg_ds_projectn/a
Product-alg_dsn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-35878
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 63.17%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 08:26
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory.

Action-Not Available
Vendor-ozone_projectn/a
Product-ozonen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-50165
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.53% / 96.09%
||
7 Day CHG+12.28%
Published-12 Aug, 2025 | 17:10
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_24h2Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2008-0081
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-81.77% / 99.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_viewerexceln/a
CWE ID-CWE-908
Use of Uninitialized Resource
  • Previous
  • 1
  • 2
  • Next
Details not found