Total
446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30578 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-03 | 8.8 High |
| Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | ||||
| CVE-2021-30027 | 1 Md4c Project | 1 Md4c | 2024-08-03 | 5.5 Medium |
| md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. | ||||
| CVE-2021-29980 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-08-03 | 8.8 High |
| Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | ||||
| CVE-2021-29937 | 1 Telemetry Project | 1 Telemetry | 2024-08-03 | 9.8 Critical |
| An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size(). | ||||
| CVE-2021-29936 | 1 Adtensor Project | 1 Adtensor | 2024-08-03 | 9.8 Critical |
| An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix. | ||||
| CVE-2021-29934 | 1 Uu Od Project | 1 Uu Od | 2024-08-03 | 7.3 High |
| An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation. | ||||
| CVE-2021-29648 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-08-03 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. | ||||
| CVE-2021-29631 | 1 Freebsd | 1 Freebsd | 2024-08-03 | 7.8 High |
| In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process. | ||||
| CVE-2021-29623 | 3 Exiv2, Fedoraproject, Redhat | 3 Exiv2, Fedora, Enterprise Linux | 2024-08-03 | 3.6 Low |
| Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. | ||||
| CVE-2021-29580 | 1 Google | 1 Tensorflow | 2024-08-03 | 2.5 Low |
| TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a `CHECK` condition becomes false and aborts the process. The implementation(https://github.com/tensorflow/tensorflow/blob/169054888d50ce488dfde9ca55d91d6325efbd5b/tensorflow/core/kernels/fractional_max_pool_op.cc#L215) fails to validate that input and output tensors are not empty and are of the same rank. Each of these unchecked assumptions is responsible for the above issues. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | ||||
| CVE-2021-29581 | 1 Google | 1 Tensorflow | 2024-08-03 | 2.5 Low |
| TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger denial of service via segmentation faults. The implementation(https://github.com/tensorflow/tensorflow/blob/a74768f8e4efbda4def9f16ee7e13cf3922ac5f7/tensorflow/core/kernels/ctc_decoder_ops.cc#L68-L79) fails to detect cases when the input tensor is empty and proceeds to read data from a null buffer. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | ||||
| CVE-2021-28030 | 1 Truetype Project | 1 Truetype | 2024-08-03 | 7.5 High |
| An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes. | ||||
| CVE-2021-28029 | 1 Toodee Project | 1 Toodee | 2024-08-03 | 7.5 High |
| An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations. | ||||
| CVE-2021-28035 | 1 Stack Dst Project | 1 Stack Dst | 2024-08-03 | 9.8 Critical |
| An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic. | ||||
| CVE-2021-28033 | 1 Byte Struct Project | 1 Byte Struct | 2024-08-03 | 9.8 Critical |
| An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics. | ||||
| CVE-2021-26952 | 1 Ms3d Project | 1 Ms3d | 2024-08-03 | 7.5 High |
| An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read. | ||||
| CVE-2021-26951 | 1 Calamine Project | 1 Calamine | 2024-08-03 | 9.8 Critical |
| An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get. | ||||
| CVE-2021-26953 | 1 Postscript Project | 1 Postscript | 2024-08-03 | 7.5 High |
| An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation. | ||||
| CVE-2021-26305 | 1 Cdr Project | 1 Cdr | 2024-08-03 | 9.8 Critical |
| An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness. | ||||
| CVE-2021-25905 | 1 Bra Project | 1 Bra | 2024-08-03 | 9.1 Critical |
| An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory. | ||||