Total
446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22925 | 8 Apple, Fedoraproject, Haxx and 5 more | 28 Mac Os X, Macos, Fedora and 25 more | 2024-08-03 | 5.3 Medium |
| curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. | ||||
| CVE-2021-22898 | 7 Debian, Fedoraproject, Haxx and 4 more | 13 Debian Linux, Fedora, Curl and 10 more | 2024-08-03 | 3.1 Low |
| curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. | ||||
| CVE-2021-21966 | 1 Ti | 15 Cc3100, Cc3100 Firmware, Cc3120 and 12 more | 2024-08-03 | 5.3 Medium |
| An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-21781 | 3 Linux, Oracle, Redhat | 5 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 2 more | 2024-08-03 | 3.3 Low |
| An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 | ||||
| CVE-2021-21218 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-03 | 5.5 Medium |
| Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | ||||
| CVE-2021-21190 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-03 | 8.8 High |
| Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | ||||
| CVE-2021-3928 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-08-03 | 7.8 High |
| vim is vulnerable to Use of Uninitialized Variable | ||||
| CVE-2021-3545 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-03 | 6.5 Medium |
| An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. | ||||
| CVE-2021-1104 | 1 Risc-v | 1 Instruction Set Manual | 2024-08-03 | 9.8 Critical |
| The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service. | ||||
| CVE-2021-0938 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel | ||||
| CVE-2021-0887 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848817 | ||||
| CVE-2021-0698 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848165 | ||||
| CVE-2021-0634 | 1 Google | 1 Android | 2024-08-03 | 6.7 Medium |
| In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994. | ||||
| CVE-2021-0530 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196175 | ||||
| CVE-2021-0495 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183459083 | ||||
| CVE-2021-0463 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154867068 | ||||
| CVE-2021-0526 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195264 | ||||
| CVE-2021-0473 | 1 Google | 1 Android | 2024-08-03 | 8.8 High |
| In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208 | ||||
| CVE-2022-47012 | 1 Solarwinds | 1 Dynamips | 2024-08-03 | 7.5 High |
| Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. | ||||
| CVE-2022-40768 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-08-03 | 5.5 Medium |
| drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | ||||