CWE-665
Improper Initialization
Description
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (114)
page 4 of 6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-0895 | Med | 0.34 | 4.7 | 0.03 | Mar 14, 2018 | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability… | ||
| CVE-2018-0746 | — | Med | 0.34 | 4.7 | 0.04 | Jan 4, 2018 | The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows… | |
| CVE-2018-0745 | Med | 0.34 | 4.7 | 0.03 | Jan 4, 2018 | The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from… | ||
| CVE-2018-8121 | Med | 0.31 | 4.7 | 0.01 | Jun 14, 2018 | An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207. | ||
| CVE-2018-0810 | Med | 0.31 | 4.7 | 0.02 | Feb 15, 2018 | The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757. | ||
| CVE-2017-14159 | Med | 0.31 | 4.7 | 0.00 | Sep 5, 2017 | slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat… | ||
| CVE-2025-12902 | Med | 0.29 | 4.4 | 0.00 | Nov 7, 2025 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked Storage Device or create a Denial of Service. | ||
| CVE-2023-35061 | Med | 0.28 | 4.3 | 0.00 | Feb 14, 2024 | Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | ||
| CVE-2025-21100 | Med | 0.27 | 4.1 | 0.00 | May 13, 2025 | Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. | ||
| CVE-2017-12164 | Med | 0.27 | 4.1 | 0.00 | Jul 26, 2018 | A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen. | ||
| CVE-2018-0853 | Low | 0.22 | 3.3 | 0.12 | Feb 15, 2018 | Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure… | ||
| CVE-2025-25058 | Low | 0.21 | 3.3 | 0.00 | Feb 10, 2026 | Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure. Unprivileged software adversary with an authenticated user… | ||
| CVE-2024-36331 | — | Low | 0.21 | 3.2 | 0.00 | Sep 6, 2025 | Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. | |
| CVE-2025-24511 | Low | 0.21 | 3.3 | 0.00 | Aug 12, 2025 | Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure. | ||
| CVE-2017-15897 | Low | 0.20 | 3.1 | 0.02 | Dec 11, 2017 | Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such… | ||
| CVE-2026-34553 | Med | 0.19 | 4.0 | 0.00 | Mar 31, 2026 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and output produced by CIccMBB::Describe() (via CLUT dumping). This issue has been… | ||
| CVE-2025-14955 | Low | 0.17 | 3.7 | 0.00 | Dec 19, 2025 | A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely.… | ||
| CVE-2024-26021 | Low | 0.15 | 2.3 | 0.00 | Feb 12, 2025 | Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. | ||
| CVE-2023-48361 | Low | 0.15 | 2.3 | 0.00 | Aug 14, 2024 | Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. | ||
| CVE-2018-1118 | Low | 0.15 | 2.3 | 0.00 | May 10, 2018 | Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading… |
- risk 0.34cvss 4.7epss 0.03
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability…
- risk 0.34cvss 4.7epss 0.04
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows…
- risk 0.34cvss 4.7epss 0.03
The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from…
- risk 0.31cvss 4.7epss 0.01
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207.
- risk 0.31cvss 4.7epss 0.02
The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757.
- risk 0.31cvss 4.7epss 0.00
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat…
- risk 0.29cvss 4.4epss 0.00
Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked Storage Device or create a Denial of Service.
- risk 0.28cvss 4.3epss 0.00
Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
- risk 0.27cvss 4.1epss 0.00
Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.
- risk 0.27cvss 4.1epss 0.00
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.
- risk 0.22cvss 3.3epss 0.12
Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure…
- risk 0.21cvss 3.3epss 0.00
Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure. Unprivileged software adversary with an authenticated user…
- risk 0.21cvss 3.2epss 0.00
Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.
- risk 0.21cvss 3.3epss 0.00
Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure.
- risk 0.20cvss 3.1epss 0.02
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such…
- risk 0.19cvss 4.0epss 0.00
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and output produced by CIccMBB::Describe() (via CLUT dumping). This issue has been…
- risk 0.17cvss 3.7epss 0.00
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely.…
- risk 0.15cvss 2.3epss 0.00
Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.
- risk 0.15cvss 2.3epss 0.00
Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.
- risk 0.15cvss 2.3epss 0.00
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading…