CVE-2026-46264

A flaw was found in the Linux kernel's drm/xe/pf component. This vulnerability arises during the initialization of the sysfs interface, where an error in devmaddactionorreset can cause a cleanup action to execute on an uninitialized kernel object. This can lead to a use-after-free condition, whic...

Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation in the HTTPUEContextTransfer process when an unsupported Content-Type is received. An attacker can cause the processor to operate on an uninitialized object by sending a request with an unexpected Content-Typ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an uninitialized object issue in the BPF memory allocator...

EUVD-2018-11138

Malware in sbrugna...

CVE-2023-24826

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issu...

CVE-2024-44939 jfs: fix null ptr deref in dtInsertEntry

In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry syzbot reported general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 1 PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...

CVE-2024-40998 ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimitstate-lock access in ext4fillsuper In the following concurrency we will access the uninitialized rs-lock: ext4fillsuper ext4registersysfs // sysfs registered msgratelimitintervalms // Other...

CVE-2023-24826 Usage of Uninitialized Timer during forwarding of Fragments with SFR

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issu...

CVE-2021-40418

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...

CVE-2021-40418

CVE-2021-40418 affects Blackmagic Design DaVinci Resolve’s R3D DPDecoder service and the R3D SDK. The issue arises when DPDecoder parses a file: it can skip assigning a property that should reference an UUID object parsed from a frame, leaving that member uninitialized. Upon destruction, the unin...

CVE-2020-11493

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...

Design/Logic Flaw

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...

CVE-2020-11493

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...

CVE-2018-19448

In Foxit Reader SDK ActiveX Professional 5.4.0.1031, an uninitialized object in IReaderContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveragin...

Remote code execution

In Foxit Reader SDK ActiveX Professional 5.4.0.1031, an uninitialized object in IReaderContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveragin...

CVE-2018-19448

In Foxit Reader SDK ActiveX Professional 5.4.0.1031, an uninitialized object in IReaderContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveragin...

CVE-2018-17781

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled...

Information disclosure

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled...

CVE-2018-17781

Foxit PhantomPDF and Foxit Reader are affected: versions before 9.3 are vulnerable to an Uninitialized Object Information Disclosure caused by mishandling ArrayBuffer and DataView object creation. This allows remote attackers to obtain information without user interaction. No remediation details ...

CVE-2018-17781

Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled...