Vulnerabilities > Use of Uninitialized Resource

DATE CVE VULNERABILITY TITLE RISK
2018-05-02 CVE-2018-10115 Use of Uninitialized Resource vulnerability in 7-Zip
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
local
low complexity
7-zip CWE-908
7.8
2018-04-12 CVE-2018-1037 Use of Uninitialized Resource vulnerability in Microsoft Visual Studio and Visual Studio 2017
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
network
low complexity
microsoft CWE-908
4.3
2018-03-14 CVE-2018-0919 Use of Uninitialized Resource vulnerability in Microsoft products
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-908
3.3
2017-10-27 CVE-2017-5103 Use of Uninitialized Resource vulnerability in multiple products
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google debian redhat CWE-908
4.3
2017-10-27 CVE-2017-5102 Use of Uninitialized Resource vulnerability in multiple products
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google debian redhat CWE-908
4.3
2017-06-07 CVE-2017-4905 Use of Uninitialized Resource vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage.
local
low complexity
vmware CWE-908
5.5
2017-05-19 CVE-2017-9098 Use of Uninitialized Resource vulnerability in multiple products
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users.
network
low complexity
imagemagick graphicsmagick debian CWE-908
7.5
2016-09-02 CVE-2016-5105 Use of Uninitialized Resource vulnerability in multiple products
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.
local
low complexity
qemu canonical debian CWE-908
4.4
2016-03-12 CVE-2016-0821 Use of Uninitialized Resource vulnerability in multiple products
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
local
low complexity
linux google CWE-908
5.5
2015-12-02 CVE-2015-8390 Use of Uninitialized Resource vulnerability in multiple products
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
network
low complexity
pcre fedoraproject php CWE-908
critical
9.8