CVEs classified under CWE-909, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2022-22704 — CVSS 9.8 (critical): The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly…
CVE-2024-8178 — CVSS 8.8 (high): The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious…
CVE-2021-29980 — CVSS 8.8 (high): Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable…
CVE-2021-23994 — CVSS 8.8 (high): A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects…
CVE-2020-11741 — CVSS 8.8 (high): An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information…
CVE-2024-9780 — CVSS 7.8 (high): ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
CVE-2024-43873 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues…
CVE-2022-29968 — CVSS 7.8 (high): An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
CVE-2005-1036 — CVSS 7.8 (high): FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which…
CVE-2021-23386 — CVSS 7.7 (high): This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network…
CVE-2025-8117 — CVSS 7.5 (high): PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset…
CVE-2021-0947 — CVSS 7.5 (high): The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on the heap, fills the contents of the buffer via TLServerDiscoverStreamsKM…
CVE-2021-0946 — CVSS 7.5 (high): The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via…
CVE-2021-39966 — CVSS 7.5 (high): There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulnerability may affect service…
CVE-2019-25054 — CVSS 7.5 (high): An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an…
CVE-2021-36513 — CVSS 7.5 (high): An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to…
CVE-2021-36386 — CVSS 7.5 (high): report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow…
CVE-2021-31919 — CVSS 7.5 (high): An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may…
CVE-2021-1405 — CVSS 7.5 (high): A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an…
CVE-2018-21247 — CVSS 7.5 (high): An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the…
CVE-2019-19553 — CVSS 7.5 (high): In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-te…
CVE-2019-12410 — CVSS 7.5 (high): While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1…
CVE-2019-12408 — CVSS 7.5 (high): It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had…
CVE-2019-16714 — CVSS 7.5 (high): In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack…
CVE-2019-3804 — CVSS 7.5 (high): It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack…
CVE-2018-14647 — CVSS 7.5 (high): Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial…
CVE-2018-10811 — CVSS 7.5 (high): strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2026-43040 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX…
CVE-2022-50169 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The…
CVE-2022-49865 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to…
CVE-2024-52870 — CVSS 7.1 (high): Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended…
CVE-2023-5138 — CVSS 6.8 (medium): Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
CVE-2020-24455 — CVSS 6.7 (medium): Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via…
CVE-2024-50076 — CVSS 6.5 (medium): In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in con_font_get() font.data may not…
CVE-2024-27913 — CVSS 6.5 (medium): ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon…
CVE-2021-28167 — CVSS 6.5 (medium): In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain…
CVE-2020-12352 — CVSS 6.5 (medium): Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2019-9321 — CVSS 6.5 (medium): In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution…
CVE-2019-9320 — CVSS 6.5 (medium): In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution…
CVE-2019-9319 — CVSS 6.5 (medium): In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution…
CVE-2019-9318 — CVSS 6.5 (medium): In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution…
CVE-2019-9317 — CVSS 6.5 (medium): In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional…
CVE-2019-9316 — CVSS 6.5 (medium): In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional…
CVE-2019-9315 — CVSS 6.5 (medium): In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution…
CVE-2019-9314 — CVSS 6.5 (medium): In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution…
CVE-2019-9313 — CVSS 6.5 (medium): In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional…
CVE-2019-9247 — CVSS 6.5 (medium): In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution…
CVE-2025-38601 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a…
CVE-2025-38532 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly reset Rx ring descriptor When device reset is…
CVE-2022-49217 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In…