Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56085

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-03 Jul, 2026 | 12:46
Updated At-03 Jul, 2026 | 12:46
Rejected At-
Credits

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–ĽCommon Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:03 Jul, 2026 | 12:46
Updated At:03 Jul, 2026 | 12:46
Rejected At:
â–ĽCVE Numbering Authority (CNA)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerProtect Data Domain
Default Status
unaffected
Versions
Affected
  • From 0 before 8.8.0.0 or later (semver)
  • From 0 before 8.6.1.20 or later (semver)
  • From 0 before 8.3.1.40 or later (semver)
  • From 0 before 7.13.1.80 or later (semver)
Problem Types
TypeCWE IDDescription
CWECWE-908CWE-908: Use of Uninitialized Resource
Type: CWE
CWE ID: CWE-908
Description: CWE-908: Use of Uninitialized Resource
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

other
Dell would like to thank kam1tsur3 for reporting this issue.
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Resource:
vendor-advisory
Information is not available yet
â–ĽNational Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:03 Jul, 2026 | 13:17
Updated At:03 Jul, 2026 | 13:17

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-908Primarysecurity_alert@emc.com
CWE ID: CWE-908
Type: Primary
Source: security_alert@emc.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilitiessecurity_alert@emc.com
N/A
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Source: security_alert@emc.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

24Records found

CVE-2021-36282
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-2.5||LOW
EPSS-0.20% / 10.14%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-23378
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.15% / 4.43%
||
7 Day CHG+0.01%
Published-10 Apr, 2025 | 02:26
Updated-15 Jul, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2026-28264
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.13% / 2.94%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 11:24
Updated-02 Jun, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Agent
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36319
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.23% / 13.64%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Dell Networking OS10
CWE ID-CWE-665
Improper Initialization
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-21534
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4||MEDIUM
EPSS-0.23% / 13.18%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21587
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.93% / 56.08%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:15
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-48838
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.15% / 4.81%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:36
Updated-15 Nov, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-28977
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.23% / 13.42%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 08:08
Updated-21 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM) repository_manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31237
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.23% / 13.94%
||
7 Day CHG~0.00%
Published-22 Aug, 2022 | 16:50
Updated-16 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-37135
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.13% / 3.19%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 14:00
Updated-22 Nov, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500_firmwaredm5500Data Manager Appliance Software (DMAS)
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2024-0154
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.8||LOW
EPSS-0.20% / 10.36%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 16:41
Updated-31 Jan, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r860poweredge_r6625_firmwareemc_xc_core_xc7525_firmwarepoweredge_r750_firmwarepoweredge_c6320poweredge_r430poweredge_r760xa_firmwarenx440_firmwarexc_core_xc760_firmwareemc_xc_core_xc650_firmwaredss_8440poweredge_c6620poweredge_xr5610emc_xc_core_xc650poweredge_r630poweredge_c6620_firmwarepoweredge_r7615poweredge_r660_firmwarepoweredge_r860_firmwareemc_xc_core_6420_systemnx3340_firmwarepoweredge_r750xaemc_xc_core_xc940_systempoweredge_r730xd_firmwarenx3340poweredge_c6420_firmwareemc_xc_core_xc750_firmwareemc_xc_core_xc740xd2_firmwarepoweredge_r840poweredge_hs5620poweredge_r940xa_firmwarepoweredge_hs5620_firmwarepoweredge_xr7620_firmwarepoweredge_xe9680_firmwarepoweredge_r540poweredge_r350_firmwarepoweredge_t630_firmwarepoweredge_t640poweredge_fc430poweredge_mx840cpoweredge_r740poweredge_mx740cpoweredge_t340poweredge_r240poweredge_r760_firmwarepoweredge_t140poweredge_c4130xc6320_firmwarepoweredge_r660xsxc630_firmwarepoweredge_r450emc_xc_core_xc640_systempoweredge_r7625poweredge_r250_firmwarepoweredge_t340_firmwarenx3230poweredge_fc640_firmwarepoweredge_t550poweredge_r740xd_firmwarepoweredge_r230poweredge_m830_\(pe_vrtx\)_firmwarepoweredge_c6525_firmwarepoweredge_xr8620t_firmwarepoweredge_fc640poweredge_r430_firmwarepoweredge_r7515_firmwarepoweredge_r7525_firmwarepoweredge_m630_firmwarepoweredge_r730xdpoweredge_hs5610poweredge_r6625poweredge_t130poweredge_r650dss_8440_firmwarepoweredge_r550_firmwarepoweredge_r440_firmwarepoweredge_r240_firmwarepoweredge_r640_firmwarenx3240_firmwarepoweredge_r730poweredge_m640_\(pe_vrtx\)_firmwarepoweredge_m830poweredge_r760xapoweredge_r6515_firmwarepoweredge_r960poweredge_r350xc_core_xc660poweredge_r830poweredge_r760xd2_firmwarepoweredge_c6615_firmwarepoweredge_xr4510c_firmwarexc730nx440poweredge_xr7620poweredge_mx760c_firmwarepoweredge_xr4510cpoweredge_c4130_firmwarepoweredge_xr8610t_firmwarepoweredge_t150_firmwarenx3330_firmwarepoweredge_c6320_firmwarexc430poweredge_xr4520c_firmwarepoweredge_r340_firmwarexc_core_xc7625_firmwareemc_xc_core_xc450_firmwarepoweredge_r530_firmwarepoweredge_xr8620tpoweredge_xr12_firmwarenx3330emc_xc_core_xc740xd_systempoweredge_t430_firmwarepoweredge_xr2_firmwarepoweredge_m630_\(pe_vrtx\)_firmwarepoweredge_r330poweredge_m640poweredge_xe9680poweredge_t440_firmwarepoweredge_c4140emc_xc_core_xc640_system_firmwarepoweredge_t330poweredge_fc830_firmwareemc_xc_core_xc750xapoweredge_xr11poweredge_fc830poweredge_r760xspoweredge_t350xc730_firmwarepoweredge_r750xa_firmwarepoweredge_mx760cpoweredge_r7515poweredge_r740xd2poweredge_mx840c_firmwareemc_xc_core_xc750poweredge_m640_firmwarepoweredge_c4140_firmwarepoweredge_xe7420_firmwarepoweredge_r760xd2poweredge_m630_\(pe_vrtx\)poweredge_c6525poweredge_r6525poweredge_c6420nx3230_firmwarenx430_firmwarepoweredge_r750xs_firmwarexc_core_xc760xc730xdpoweredge_m830_firmwarepoweredge_r6525_firmwarepoweredge_r250poweredge_r440emc_xc_core_xc740xd_system_firmwarepoweredge_xe8640emc_xc_core_xc750xa_firmwarepoweredge_r7625_firmwarepoweredge_t550_firmwarepoweredge_r740_firmwarepoweredge_t640_firmwarepoweredge_mx740c_firmwarepoweredge_r930poweredge_xe7440poweredge_hs5610_firmwarepoweredge_c6615poweredge_r230_firmwarepoweredge_r630_firmwarepoweredge_r740xdpoweredge_r940xapoweredge_xe9640_firmwarepoweredge_t440poweredge_t140_firmwarepoweredge_r6615_firmwarepoweredge_r640poweredge_xr2poweredge_r940nx430poweredge_mx750c_firmwarenx3240poweredge_fc630_firmwarexc6320emc_xc_core_xc940_system_firmwarexc_core_xc7625poweredge_r6615xc730xd_firmwarepoweredge_r550xc630poweredge_r650xs_firmwarepoweredge_fc630poweredge_r6515xc430_firmwarepoweredge_r930_firmwarepoweredge_xr12poweredge_m640_\(pe_vrtx\)poweredge_r740xd2_firmwareemc_xc_core_xc450emc_xc_core_xc7525poweredge_xr8610tpoweredge_xr4520cpoweredge_xe9640poweredge_r750poweredge_r650xspoweredge_r530poweredge_r840_firmwarepoweredge_r730_firmwareemc_xc_core_xc6520poweredge_t150poweredge_xe8640_firmwarepoweredge_t350_firmwarepoweredge_c6520_firmwarepoweredge_t560_firmwarepoweredge_r960_firmwarepoweredge_r540_firmwarepoweredge_r330_firmwarepoweredge_t330_firmwarepoweredge_xe8545poweredge_t430poweredge_r7525poweredge_xe8545_firmwarepoweredge_r7615_firmwarepoweredge_t630emc_xc_core_6420_system_firmwarepoweredge_r340poweredge_m830_\(pe_vrtx\)poweredge_xr5610_firmwarepoweredge_xe7440_firmwarepoweredge_r760xs_firmwareemc_xc_core_xc740xd2emc_xc_core_xc6520_firmwarexc_core_xc660_firmwarepoweredge_t560poweredge_c6520poweredge_r450_firmwarepoweredge_xe7420poweredge_m630poweredge_xr11_firmwarepoweredge_r750xspoweredge_r660xs_firmwarepoweredge_t130_firmwareemc_xc_core_xcxr2_firmwareemc_xc_core_xcxr2poweredge_r760poweredge_r940_firmwarepoweredge_xe2420_firmwarepoweredge_r650_firmwarepoweredge_fc430_firmwarepoweredge_xe2420poweredge_mx750cpoweredge_r830_firmwarepoweredge_r660PowerEdge Platform
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0173
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.8||LOW
EPSS-0.17% / 6.54%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 16:52
Updated-31 Jan, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r860poweredge_r6625_firmwareemc_xc_core_xc7525_firmwarepoweredge_r750_firmwarepoweredge_c6320poweredge_r430poweredge_r760xa_firmwarenx440_firmwarexc_core_xc760_firmwareemc_xc_core_xc650_firmwaredss_8440poweredge_c6620poweredge_xr5610emc_xc_core_xc650poweredge_r630poweredge_c6620_firmwarepoweredge_r7615poweredge_r660_firmwarepoweredge_r860_firmwareemc_xc_core_6420_systemnx3340_firmwarepoweredge_r750xaemc_xc_core_xc940_systempoweredge_r730xd_firmwarenx3340poweredge_c6420_firmwareemc_xc_core_xc750_firmwareemc_xc_core_xc740xd2_firmwarepoweredge_r840poweredge_hs5620poweredge_r940xa_firmwarepoweredge_hs5620_firmwarepoweredge_xr7620_firmwarepoweredge_xe9680_firmwarepoweredge_r540poweredge_r350_firmwarepoweredge_t630_firmwarepoweredge_t640poweredge_fc430poweredge_mx840cpoweredge_r740poweredge_mx740cpoweredge_t340poweredge_r240poweredge_r760_firmwarepoweredge_t140poweredge_c4130xc6320_firmwarepoweredge_r660xsxc630_firmwarepoweredge_r450emc_xc_core_xc640_systempoweredge_r7625poweredge_r250_firmwarepoweredge_t340_firmwarenx3230poweredge_fc640_firmwarepoweredge_t550poweredge_r740xd_firmwarepoweredge_r230poweredge_m830_\(pe_vrtx\)_firmwarepoweredge_c6525_firmwarepoweredge_xr8620t_firmwarepoweredge_fc640poweredge_r430_firmwarepoweredge_r7515_firmwarepoweredge_r7525_firmwarepoweredge_m630_firmwarepoweredge_r730xdpoweredge_hs5610poweredge_r6625poweredge_t130poweredge_r650dss_8440_firmwarepoweredge_r550_firmwarepoweredge_r440_firmwarepoweredge_r240_firmwarepoweredge_r640_firmwarenx3240_firmwarepoweredge_r730poweredge_m640_\(pe_vrtx\)_firmwarepoweredge_m830poweredge_r760xapoweredge_r6515_firmwarepoweredge_r960poweredge_r350xc_core_xc660poweredge_r830poweredge_r760xd2_firmwarepoweredge_c6615_firmwarepoweredge_xr4510c_firmwarexc730nx440poweredge_xr7620poweredge_mx760c_firmwarepoweredge_xr4510cpoweredge_c4130_firmwarepoweredge_xr8610t_firmwarepoweredge_t150_firmwarenx3330_firmwarepoweredge_c6320_firmwarexc430poweredge_xr4520c_firmwarepoweredge_r340_firmwarexc_core_xc7625_firmwareemc_xc_core_xc450_firmwarepoweredge_r530_firmwarepoweredge_xr8620tpoweredge_xr12_firmwarenx3330emc_xc_core_xc740xd_systempoweredge_t430_firmwarepoweredge_xr2_firmwarepoweredge_m630_\(pe_vrtx\)_firmwarepoweredge_r330poweredge_m640poweredge_xe9680poweredge_t440_firmwarepoweredge_c4140emc_xc_core_xc640_system_firmwarepoweredge_t330poweredge_fc830_firmwareemc_xc_core_xc750xapoweredge_xr11poweredge_fc830poweredge_r760xspoweredge_t350xc730_firmwarepoweredge_r750xa_firmwarepoweredge_mx760cpoweredge_r7515poweredge_r740xd2poweredge_mx840c_firmwareemc_xc_core_xc750poweredge_m640_firmwarepoweredge_c4140_firmwarepoweredge_xe7420_firmwarepoweredge_r760xd2poweredge_m630_\(pe_vrtx\)poweredge_c6525poweredge_r6525poweredge_c6420nx3230_firmwarenx430_firmwarepoweredge_r750xs_firmwarexc_core_xc760xc730xdpoweredge_m830_firmwarepoweredge_r6525_firmwarepoweredge_r250poweredge_r440emc_xc_core_xc740xd_system_firmwarepoweredge_xe8640emc_xc_core_xc750xa_firmwarepoweredge_r7625_firmwarepoweredge_t550_firmwarepoweredge_r740_firmwarepoweredge_t640_firmwarepoweredge_mx740c_firmwarepoweredge_r930poweredge_xe7440poweredge_hs5610_firmwarepoweredge_c6615poweredge_r230_firmwarepoweredge_r630_firmwarepoweredge_r740xdpoweredge_r940xapoweredge_xe9640_firmwarepoweredge_t440poweredge_t140_firmwarepoweredge_r6615_firmwarepoweredge_r640poweredge_xr2poweredge_r940nx430poweredge_mx750c_firmwarenx3240poweredge_fc630_firmwarexc6320emc_xc_core_xc940_system_firmwarexc_core_xc7625poweredge_r6615xc730xd_firmwarepoweredge_r550xc630poweredge_r650xs_firmwarepoweredge_fc630poweredge_r6515xc430_firmwarepoweredge_r930_firmwarepoweredge_xr12poweredge_m640_\(pe_vrtx\)poweredge_r740xd2_firmwareemc_xc_core_xc450emc_xc_core_xc7525poweredge_xr8610tpoweredge_xr4520cpoweredge_xe9640poweredge_r750poweredge_r650xspoweredge_r530poweredge_r840_firmwarepoweredge_r730_firmwareemc_xc_core_xc6520poweredge_t150poweredge_xe8640_firmwarepoweredge_t350_firmwarepoweredge_c6520_firmwarepoweredge_t560_firmwarepoweredge_r960_firmwarepoweredge_r540_firmwarepoweredge_r330_firmwarepoweredge_t330_firmwarepoweredge_xe8545poweredge_t430poweredge_r7525poweredge_xe8545_firmwarepoweredge_r7615_firmwarepoweredge_t630emc_xc_core_6420_system_firmwarepoweredge_r340poweredge_m830_\(pe_vrtx\)poweredge_xr5610_firmwarepoweredge_xe7440_firmwarepoweredge_r760xs_firmwareemc_xc_core_xc740xd2emc_xc_core_xc6520_firmwarexc_core_xc660_firmwarepoweredge_t560poweredge_c6520poweredge_r450_firmwarepoweredge_xe7420poweredge_m630poweredge_xr11_firmwarepoweredge_r750xspoweredge_r660xs_firmwarepoweredge_t130_firmwareemc_xc_core_xcxr2_firmwareemc_xc_core_xcxr2poweredge_r760poweredge_r940_firmwarepoweredge_xe2420_firmwarepoweredge_r650_firmwarepoweredge_fc430_firmwarepoweredge_xe2420poweredge_mx750cpoweredge_r830_firmwarepoweredge_r660PowerEdge Platform
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-31649
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.7||HIGH
EPSS-0.23% / 13.29%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 22:55
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call to trigger this vulnerability.

Action-Not Available
Vendor-Broadcom Inc.Dell Inc.
Product-ControlVault3ControlVault3 PlusBCM5820X
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-31361
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.7||HIGH
EPSS-0.21% / 11.58%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 22:54
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation vulnerability

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability.

Action-Not Available
Vendor-Broadcom Inc.Dell Inc.
Product-ControlVault3ControlVault3 PlusBCM5820X
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-34390
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.16% / 5.45%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-12 May, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_area-51_r4_firmwarealienware_area-51_r5_firmwarealienware_area-51_r5alienware_area-51_r4CPG BIOS
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-7541
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.30% / 21.42%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:53
Updated-29 Aug, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMT commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23308.

Action-Not Available
Vendor-ofono_projectoFono
Product-ofonooFono
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-7542
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.30% / 21.42%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:53
Updated-29 Aug, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMGR commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23309.

Action-Not Available
Vendor-ofono_projectoFonoofono
Product-ofonooFonoofono
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-7540
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.30% / 21.42%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:53
Updated-29 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMGL commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23307.

Action-Not Available
Vendor-ofono_projectoFono
Product-ofonooFono
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-29371
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.69% / 48.25%
||
7 Day CHG~0.00%
Published-28 Nov, 2020 | 06:19
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-26271
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.21% / 11.65%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 22:10
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap out of bounds access in MakeEdge in TensorFlow

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-10732
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.62% / 45.18%
||
7 Day CHG~0.00%
Published-12 Jun, 2020 | 00:00
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

Action-Not Available
Vendor-Linux kernelLinux Kernel Organization, IncNetApp, Inc.openSUSECanonical Ltd.
Product-aff_8300ubuntu_linuxh300eh500sh410c_firmwareh300s_firmwareactive_iq_unified_manageraff_a400_firmwareh410saff_8700h300ssolidfiresteelstore_cloud_integrated_storageh300e_firmwareaff_8300_firmwarelinux_kernelh500ehci_management_nodeh410s_firmwareaff_a700_firmwareh500s_firmwareh500e_firmwareh700s_firmwareaff_a400h700eaff_8700_firmwareh410ch700e_firmwareh700saff_a700leapkernel
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-24448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.40% / 31.97%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 19:45
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-3435
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-4||MEDIUM
EPSS-0.21% / 11.82%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 19:45
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
L2CAP: Information leakage in le_ecred_conn_req()

Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-21781
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-4||MEDIUM
EPSS-0.53% / 41.06%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 14:37
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncOracle Corporation
Product-communications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_policylinux_kernelcommunications_cloud_native_core_network_exposure_functionLinux Kernel
CWE ID-CWE-908
Use of Uninitialized Resource
Details not found