VYPR

CWE-908

Use of Uninitialized Resource

BaseIncompleteLikelihood: Medium

Description

The product uses or accesses a resource that has not been initialized.

When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (209)

page 8 of 11
  • CVE-2010-2559Aug 11, 2010
    risk 0.02cvss epss 0.28

    Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption…

  • CVE-2010-2557Aug 11, 2010
    risk 0.02cvss epss 0.28

    Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption…

  • CVE-2010-2556Aug 11, 2010
    risk 0.02cvss epss 0.28

    Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory…

  • CVE-2015-5165Aug 12, 2015
    risk 0.01cvss epss 0.13

    The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

  • CVE-2011-1266Jun 16, 2011
    risk 0.01cvss epss 0.18

    The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is…

  • CVE-2011-1262Jun 16, 2011
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability."

  • CVE-2011-1261Jun 16, 2011
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."

  • CVE-2011-1256Jun 16, 2011
    risk 0.01cvss epss 0.19

    Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."

  • CVE-2011-1254Jun 16, 2011
    risk 0.01cvss epss 0.18

    Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."

  • CVE-2011-1251Jun 16, 2011
    risk 0.01cvss epss 0.18

    Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."

  • CVE-2026-54500Jun 19, 2026
    risk 0.00cvss epss

    ### Summary `Oj.load` in `:object` mode reads uninitialized stack memory (and, for long keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. ### Details In…

  • CVE-2026-27496Mar 25, 2026
    risk 0.00cvss epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain…

  • CVE-2025-55198Aug 13, 2025
    risk 0.00cvss epss 0.00

    Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are…

  • CVE-2025-26803Feb 24, 2025
    risk 0.00cvss epss 0.01

    The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.

  • CVE-2024-21502Feb 24, 2024
    risk 0.00cvss epss 0.01

    Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary…

  • CVE-2024-26147Feb 21, 2024
    risk 0.00cvss epss 0.01

    Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all…

  • CVE-2022-25345Jun 17, 2022
    risk 0.00cvss epss 0.01

    All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.

  • CVE-2022-31026Jun 6, 2022
    risk 0.00cvss epss 0.01

    Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should…

  • CVE-2022-29205May 20, 2022
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added…

  • CVE-2022-23573Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized…