Total
666 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56446 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 4 Medium |
| Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2017-18306 | 1 Qualcomm | 14 Sd 450, Sd 450 Firmware, Sd 625 and 11 more | 2025-01-09 | 8.4 High |
| Information disclosure due to uninitialized variable. | ||||
| CVE-2024-26147 | 2 Helm, Redhat | 5 Helm, Acm, Advanced Cluster Security and 2 more | 2025-01-09 | 7.5 High |
| Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic. | ||||
| CVE-2024-7022 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-36012 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-01-01 | 5.3 Medium |
| DHCP Server Service Information Disclosure Vulnerability | ||||
| CVE-2023-35326 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-01-01 | 5.5 Medium |
| Windows CDP User Components Information Disclosure Vulnerability | ||||
| CVE-2023-35325 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-01-01 | 7.5 High |
| Windows Print Spooler Information Disclosure Vulnerability | ||||
| CVE-2023-32042 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 6.5 Medium |
| OLE Automation Information Disclosure Vulnerability | ||||
| CVE-2023-32041 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-01-01 | 5.5 Medium |
| Windows Update Orchestrator Service Information Disclosure Vulnerability | ||||
| CVE-2023-29367 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2025-01-01 | 7.8 High |
| iSCSI Target WMI Provider Remote Code Execution Vulnerability | ||||
| CVE-2023-21753 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2025-01-01 | 5.5 Medium |
| Event Tracing for Windows Information Disclosure Vulnerability | ||||
| CVE-2024-43458 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-12-31 | 7.7 High |
| Windows Networking Information Disclosure Vulnerability | ||||
| CVE-2024-38260 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-12-31 | 8.8 High |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
| CVE-2024-38257 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h1 and 8 more | 2024-12-31 | 7.5 High |
| Microsoft AllJoyn API Information Disclosure Vulnerability | ||||
| CVE-2024-38256 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2024-12-31 | 5.5 Medium |
| Windows Kernel-Mode Driver Information Disclosure Vulnerability | ||||
| CVE-2024-38254 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-12-31 | 5.5 Medium |
| Windows Authentication Information Disclosure Vulnerability | ||||
| CVE-2024-9717 | 1 Trimble | 1 Sketchup Viewer | 2024-12-19 | 7.8 High |
| Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24101. | ||||
| CVE-2018-9429 | 1 Google | 1 Android | 2024-12-18 | 6.5 Medium |
| In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2018-9381 | 1 Google | 1 Android | 2024-12-18 | 7.5 High |
| In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21127 | 1 Google | 1 Android | 2024-12-18 | 8.8 High |
| In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-275418191 | ||||