Total
544 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36512 | 1 Buffoon Project | 1 Buffoon | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations. | ||||
| CVE-2020-36511 | 1 Bite Project | 1 Bite | 2024-11-21 | 7.5 High |
| An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations. | ||||
| CVE-2020-36452 | 1 Array-tools Project | 1 Array-tools | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. | ||||
| CVE-2020-36443 | 1 Libp2p | 1 Libp2p-deflate | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function. | ||||
| CVE-2020-36432 | 1 Alg Ds Project | 1 Alg Ds | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). | ||||
| CVE-2020-36210 | 1 Autorand Project | 1 Autorand | 2024-11-21 | 7.8 High |
| An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. | ||||
| CVE-2020-35893 | 1 Simple-slab Project | 1 Simple-slab | 2024-11-21 | 7.5 High |
| An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. | ||||
| CVE-2020-35888 | 1 Arr Project | 1 Arr | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. | ||||
| CVE-2020-35878 | 1 Ozone Project | 1 Ozone | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. | ||||
| CVE-2020-35494 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-11-21 | 6.1 Medium |
| There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. | ||||
| CVE-2020-2575 | 1 Oracle | 1 Vm Virtualbox | 2024-11-21 | 7.5 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2020-29371 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. | ||||
| CVE-2020-27795 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.5 High |
| A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn). | ||||
| CVE-2020-26271 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.4 Medium |
| In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | ||||
| CVE-2020-26266 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.4 Medium |
| In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | ||||
| CVE-2020-26148 | 1 Md4c Project | 1 Md4c | 2024-11-21 | 7.5 High |
| md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. | ||||
| CVE-2020-24753 | 1 Objective Open Cbor Run-time Project | 1 Objective Open Cbor Run-time | 2024-11-21 | 9.8 Critical |
| A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption. | ||||
| CVE-2020-1934 | 7 Apache, Canonical, Debian and 4 more | 13 Http Server, Ubuntu Linux, Debian Linux and 10 more | 2024-11-21 | 5.3 Medium |
| In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | ||||
| CVE-2020-1342 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445. | ||||
| CVE-2020-1322 | 1 Microsoft | 3 365 Apps, Office, Project | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'. | ||||