Vulnerabilities (CVE)

Filtered by CWE-665
Total 310 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8576 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-20 6.9 MEDIUM 7.0 HIGH
The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability."
CVE-2017-0745 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.
CVE-2017-12847 1 Nagios 1 Nagios 2025-04-20 6.3 MEDIUM 6.3 MEDIUM
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
CVE-2016-9446 3 Fedoraproject, Gstreamer Project, Redhat 8 Fedora, Gstreamer, Enterprise Linux Desktop and 5 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
CVE-2017-14102 1 Mimedefang 1 Mimedefang 2025-04-20 4.6 MEDIUM 7.8 HIGH
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts.
CVE-2017-6267 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-20 4.9 MEDIUM 5.5 MEDIUM
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.
CVE-2017-0735 1 Google 1 Android 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38239864.
CVE-2017-10972 1 X.org 1 Xorg-server 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
CVE-2024-11158 1 Rockwellautomation 1 Arena 2025-04-18 N/A 6.7 MEDIUM
An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVE-2022-46487 1 Scontain 1 Scone 2025-04-17 N/A 7.8 HIGH
Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.
CVE-2014-0178 1 Samba 1 Samba 2025-04-12 3.5 LOW N/A
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
CVE-2016-6836 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 2.1 LOW 6.0 MEDIUM
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
CVE-2014-4371 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 1.9 LOW N/A
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
CVE-2011-3927 1 Google 1 Chrome 2025-04-11 7.5 HIGH N/A
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-4087 1 Linux 1 Linux Kernel 2025-04-11 4.3 MEDIUM 7.5 HIGH
The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.
CVE-2010-4655 3 Canonical, Linux, Vmware 3 Ubuntu Linux, Linux Kernel, Esx 2025-04-11 2.1 LOW 5.5 MEDIUM
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.
CVE-2013-1675 5 Canonical, Debian, Mozilla and 2 more 18 Ubuntu Linux, Debian Linux, Firefox and 15 more 2025-04-11 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2010-4343 2 Linux, Vmware 2 Linux Kernel, Esx 2025-04-11 4.7 MEDIUM 5.5 MEDIUM
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.
CVE-2012-0012 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2025-04-11 4.3 MEDIUM N/A
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."
CVE-2008-3637 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 9.3 HIGH 8.8 HIGH
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."