CWE-908
Use of Uninitialized Resource
Description
The product uses or accesses a resource that has not been initialized.
Hierarchy (View 1000)
CVEs mapped to this weakness (209)
page 11 of 11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-35888 | — | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. | ||
| CVE-2020-26266 | 0.00 | — | 0.00 | Dec 10, 2020 | In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating… | |||
| CVE-2020-26271 | 0.00 | — | 0.00 | Dec 10, 2020 | In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input… | |||
| CVE-2020-15193 | 0.00 | — | 0.01 | Sep 25, 2020 | In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing… | |||
| CVE-2019-16144 | — | 0.00 | — | 0.02 | Sep 9, 2019 | An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. | ||
| CVE-2019-15553 | — | 0.00 | — | 0.02 | Aug 26, 2019 | An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory. | ||
| CVE-2018-20992 | — | 0.00 | — | 0.01 | Aug 26, 2019 | An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled. | ||
| CVE-2018-11383 | Med | 0.00 | 5.5 | 0.01 | May 22, 2018 | The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. | ||
| CVE-2015-3414 | 0.00 | — | 0.05 | Apr 24, 2015 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE… |
- CVE-2020-35888Dec 31, 2020risk 0.00cvss —epss 0.02
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template.
- CVE-2020-26266Dec 10, 2020risk 0.00cvss —epss 0.00
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating…
- CVE-2020-26271Dec 10, 2020risk 0.00cvss —epss 0.00
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input…
- CVE-2020-15193Sep 25, 2020risk 0.00cvss —epss 0.01
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing…
- CVE-2019-16144Sep 9, 2019risk 0.00cvss —epss 0.02
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls.
- CVE-2019-15553Aug 26, 2019risk 0.00cvss —epss 0.02
An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory.
- CVE-2018-20992Aug 26, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.
- risk 0.00cvss 5.5epss 0.01
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.
- CVE-2015-3414Apr 24, 2015risk 0.00cvss —epss 0.05
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE…