VYPR

CWE-665

Improper Initialization

ClassDraftLikelihood: Medium

Description

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (114)

page 4 of 6
  • CVE-2018-0895MedMar 14, 2018
    risk 0.34cvss 4.7epss 0.03

    The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability…

  • CVE-2018-0746MedJan 4, 2018
    risk 0.34cvss 4.7epss 0.04

    The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows…

  • CVE-2018-0745MedJan 4, 2018
    risk 0.34cvss 4.7epss 0.03

    The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from…

  • CVE-2018-8121MedJun 14, 2018
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207.

  • CVE-2018-0810MedFeb 15, 2018
    risk 0.31cvss 4.7epss 0.02

    The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757.

  • CVE-2017-14159MedSep 5, 2017
    risk 0.31cvss 4.7epss 0.00

    slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat…

  • CVE-2025-12902MedNov 7, 2025
    risk 0.29cvss 4.4epss 0.00

    Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked Storage Device or create a Denial of Service.

  • CVE-2023-35061MedFeb 14, 2024
    risk 0.28cvss 4.3epss 0.00

    Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

  • CVE-2025-21100MedMay 13, 2025
    risk 0.27cvss 4.1epss 0.00

    Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2017-12164MedJul 26, 2018
    risk 0.27cvss 4.1epss 0.00

    A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

  • CVE-2018-0853LowFeb 15, 2018
    risk 0.22cvss 3.3epss 0.12

    Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure…

  • CVE-2025-25058LowFeb 10, 2026
    risk 0.21cvss 3.3epss 0.00

    Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure. Unprivileged software adversary with an authenticated user…

  • CVE-2024-36331LowSep 6, 2025
    risk 0.21cvss 3.2epss 0.00

    Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.

  • CVE-2025-24511LowAug 12, 2025
    risk 0.21cvss 3.3epss 0.00

    Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure.

  • CVE-2017-15897LowDec 11, 2017
    risk 0.20cvss 3.1epss 0.02

    Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such…

  • CVE-2026-34553MedMar 31, 2026
    risk 0.19cvss 4.0epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and output produced by CIccMBB::Describe() (via CLUT dumping). This issue has been…

  • CVE-2025-14955LowDec 19, 2025
    risk 0.17cvss 3.7epss 0.00

    A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely.…

  • CVE-2024-26021LowFeb 12, 2025
    risk 0.15cvss 2.3epss 0.00

    Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2023-48361LowAug 14, 2024
    risk 0.15cvss 2.3epss 0.00

    Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2018-1118LowMay 10, 2018
    risk 0.15cvss 2.3epss 0.00

    Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading…