VYPR

CWE-908

Use of Uninitialized Resource

Base | Incomplete | Likelihood: Medium

Description

The product uses or accesses a resource that has not been initialized.

When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

CVEs mapped to this weakness (209)

  • CVE-2008-0081 | Critical | Jan 16, 2008
    risk 0.71 | cvss 9.8 | epss 0.58

    Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

  • CVE-2012-1891 | Critical | Jul 10, 2012
    risk 0.66 | cvss 9.8 | epss 0.29

    Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO…

  • CVE-2026-24826 | Critical | Jan 27, 2026
    risk 0.65 | cvss | epss 0.00

    Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d. This issue affects .

  • CVE-2025-1942 | Critical | Mar 4, 2025
    risk 0.64 | cvss 9.8 | epss 0.00

    When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

  • CVE-2018-14551 | Critical | Jul 23, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

  • CVE-2018-5095 | Critical | Jun 11, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6,…

  • CVE-2015-8390 | Critical | Dec 2, 2015
    risk 0.64 | cvss 9.8 | epss 0.05

    PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp…

  • CVE-2008-3475 | High | Oct 15, 2008
    risk 0.60 | cvss 8.8 | epss 0.40

    Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka…

  • CVE-2026-4716 | Critical | Mar 24, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4715 | Critical | Mar 24, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-2806 | Critical | Feb 24, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2024-47685 | Critical | Oct 21, 2024
    risk 0.59 | cvss 9.1 | epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use skb_put_zero() to clear the…

  • CVE-2008-4197 | High | Sep 27, 2008
    risk 0.58 | cvss 8.8 | epss 0.06

    Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via…

  • CVE-2025-31649 | High | Nov 17, 2025
    risk 0.57 | cvss 8.7 | epss 0.00

    A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execution of a privileged operation. An attacker can…

  • CVE-2025-31361 | High | Nov 17, 2025
    risk 0.57 | cvss 8.7 | epss 0.00

    A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An…

  • CVE-2008-2934 | High | Jul 18, 2008
    risk 0.57 | cvss 8.8 | epss 0.04

    Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.

  • CVE-2026-40364 | High | May 12, 2026
    risk 0.55 | cvss 8.4 | epss 0.04

    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  • CVE-2009-2692 | High | Aug 14, 2009
    risk 0.55 | cvss 7.8 | epss 0.15

    The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero,…

  • CVE-2009-1529 | High | Jun 10, 2009
    risk 0.55 | cvss 8.1 | epss 0.29

    Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a…

  • CVE-2009-0949 | High | Jun 9, 2009
    risk 0.53 | cvss 7.5 | epss 0.20

    The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive…