Total
759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48807 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler Currently, the same handler is called for both a NETDEV_BONDING_INFO LAG unlink notification as for a NETDEV_UNREGISTER call. This is causing a problem though, since the netdev_notifier_info passed has a different structure depending on which event is passed. The problem manifests as a call trace from a BUG: KASAN stack-out-of-bounds error. Fix this by creating a handler specific to NETDEV_UNREGISTER that only is passed valid elements in the netdev_notifier_info struct for the NETDEV_UNREGISTER event. Also included is the removal of an unbalanced dev_put on the peer_netdev and related braces. | |||||
| CVE-2022-48747 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 7.5 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: block: Fix wrong offset in bio_truncate() bio_truncate() clears the buffer outside of last block of bdev, however current bio_truncate() is using the wrong offset of page. So it can return the uninitialized data. This happened when both of truncated/corrupted FS and userspace (via bdev) are trying to read the last of bdev. | |||||
| CVE-2022-48654 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace. | |||||
| CVE-2022-47012 | 1 Solarwinds | 1 Dynamips | 2026-06-17 | N/A | 7.5 HIGH |
| Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. | |||||
| CVE-2022-40768 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | |||||
| CVE-2022-39283 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2026-06-17 | N/A | 5.9 MEDIUM |
| FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. | |||||
| CVE-2022-39282 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2026-06-17 | N/A | 3.5 LOW |
| FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. | |||||
| CVE-2022-38668 | 1 Crowcpp | 1 Crow | 2026-06-17 | N/A | 7.5 HIGH |
| HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. | |||||
| CVE-2022-35414 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2026-06-17 | 6.1 MEDIUM | 8.8 HIGH |
| softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time. | |||||
| CVE-2022-34655 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2026-06-17 | N/A | 7.5 HIGH |
| In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-34390 | 1 Dell | 4 Alienware Area-51 R4, Alienware Area-51 R4 Firmware, Alienware Area-51 R5 and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
| CVE-2022-34266 | 2 Amazon, Libtiff | 2 Amazon Linux, Libtiff | 2026-06-17 | N/A | 5.5 MEDIUM |
| The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. | |||||
| CVE-2022-33716 | 1 Google | 1 Android | 2026-06-17 | N/A | 2.3 LOW |
| An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. | |||||
| CVE-2022-32745 | 1 Samba | 1 Samba | 2026-06-17 | N/A | 8.1 HIGH |
| A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | |||||
| CVE-2022-32616 | 2 Google, Mediatek | 4 Android, Mt6983, Mt8871 and 1 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS07341258. | |||||
| CVE-2022-32615 | 2 Google, Mediatek | 4 Android, Mt6983, Mt8871 and 1 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559. | |||||
| CVE-2022-31741 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-06-17 | N/A | 8.8 HIGH |
| A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | |||||
| CVE-2022-31026 | 1 Trilogy Project | 1 Trilogy | 2026-06-17 | 5.0 MEDIUM | 5.9 MEDIUM |
| Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers. | |||||
| CVE-2022-2950 | 1 Altair | 1 Hyperview Player | 2026-06-17 | N/A | 7.8 HIGH |
| Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption. | |||||
| CVE-2022-2949 | 1 Altair | 1 Hyperview Player | 2026-06-17 | N/A | 7.8 HIGH |
| Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption. | |||||