CWE-908— Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.— MITRE CWE catalog
769 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-908page 9 of 16
- CVE-2023-36704HIGHCVSS 7.8EG 7.82023-10-10
Windows Setup Files Cleanup Remote Code Execution Vulnerability
- CVE-2023-36713MEDIUMCVSS 5.5EG 5.52023-10-10
Windows Common Log File System Driver Information Disclosure Vulnerability
- CVE-2023-36836MEDIUMCVSS 4.7EG 4.72023-07-14
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all …
- CVE-2023-36913MEDIUMCVSS 6.5EG 6.52023-08-08
Microsoft Message Queuing Information Disclosure Vulnerability
- CVE-2023-37930HIGHCVSS 7.5EG 7.52025-04-08
Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in Fortinet allows a VPN user to corrupt memory potentially leading to code or commands execution via …
- CVE-2023-38140MEDIUMCVSS 5.5EG 5.52023-09-12
Windows Kernel Information Disclosure Vulnerability
- CVE-2023-38151HIGHCVSS 8.8EG 8.82023-11-14
Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability
- CVE-2023-39484MEDIUMCVSS 5.5EG 3.32024-05-03
PDF-XChange Editor PDF File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-42046MEDIUMCVSS 5.5EG 3.32024-05-03
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-42048MEDIUMCVSS 5.5EG 3.32024-05-03
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-42056MEDIUMCVSS 5.5EG 3.32024-05-03
PDF-XChange Editor U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-42062HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is requi…
- CVE-2023-42079MEDIUMCVSS 5.5EG 3.32024-05-03
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction…
- CVE-2023-42797HIGHCVSS 7.2EG 6.62024-01-09
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of i…
- CVE-2023-4489CRITICALCVSS 9.8EG 6.42023-12-14
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing netw…
- CVE-2023-45663MEDIUMCVSS 5.5EG 5.32023-10-21
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it retur…
- CVE-2023-46100MEDIUMCVSS 5.5EG 6.22023-11-20
in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.
- CVE-2023-52528MEDIUMCVSS 5.5EG 5.52024-03-02
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: ============================================…
- CVE-2023-52577MEDIUMCVSS 5.5EG 5.52024-03-02
In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccp_v4_err()/dccp_v6_err() again dh->dccph_x is the 9th byte (offset 8) in "struct dccp_hdr", not in the "byte 7" as Jann claimed. We need to make sure the I…
- CVE-2023-52703MEDIUMCVSS 5.5EG 3.32024-05-21
In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() is uninitialized when passing it to the first us…
- CVE-2023-52792MEDIUMCVSS 5.5EG 5.52024-05-21
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails Commit 5e42bcbc3fef ("cxl/region: decrement ->nr_targets on error in cxl_region_attach()") tried…
- CVE-2023-52842HIGHCVSS 7.1EG 7.12024-05-21
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt() KMSAN reported the following uninit-value access issue: ==================================================…
- CVE-2023-52843MEDIUMCVSS 5.5EG 5.52024-05-21
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_…
- CVE-2023-52845MEDIUMCVSS 5.5EG 5.52024-05-21
In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ========================================…
- CVE-2023-53119MEDIUMCVSS 5.5EG 5.52025-05-02
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' fi…
- CVE-2023-53165MEDIUMCVSS 5.5EG 5.52025-09-15
In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitialized array access for some pathnames For filenames that begin with . and are between 2 and 5 characters long, UDF charset conversion code would read un…
- CVE-2023-53341MEDIUMCVSS 5.5EG 5.52025-09-17
In the Linux kernel, the following vulnerability has been resolved: of/fdt: run soc memory setup when early_init_dt_scan_memory fails If memory has been found early_init_dt_scan_memory now returns 1. If it hasn't found any memory it will…
- CVE-2023-53344MEDIUMCVSS 5.5EG 5.52025-09-17
In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write Syzkaller reported the following issue: ===================================================== BUG: KMSAN: …
- CVE-2023-53351MEDIUMCVSS 5.5EG 5.52025-09-17
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Check scheduler work queue before calling timeout handling During an IGT GPU reset test we see again oops despite of commit 0c8c901aaaebc9 (drm/sched: Check s…
- CVE-2023-53462MEDIUMCVSS 5.5EG 5.52025-10-01
In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in fill_frame_info() Syzbot reports the following uninit-value access problem. ===================================================== BUG: K…
- CVE-2023-53525MEDIUMCVSS 5.5EG 5.52025-10-01
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Allow UD qp_type to join multicast only As for multicast: - The SIDR is the only mode that makes sense; - Besides PS_UDP, other port spaces like PS_IB is also …
- CVE-2023-53532MEDIUMCVSS 5.5EG 5.52025-10-01
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix deinitialization of firmware resources Currently, in ath11k_ahb_fw_resources_init(), iommu domain mapping is done only for the chipsets having fixed fi…
- CVE-2023-53555MEDIUMCVSS 5.5EG 5.52025-10-04
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damo_filter->list from damos_new_filter() damos_new_filter() is not initializing the list field of newly allocated filter object. However, DAM…
- CVE-2023-53578HIGHCVSS 7.8EG 7.82025-10-04
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() Syzbot reported a bug as following: ===================================================== BUG: KMSAN: u…
- CVE-2023-6324HIGHCVSS 8.1EG 8.12024-05-15
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
- CVE-2024-11364HIGHCVSS 7.3EG 7.32024-12-19
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If …
- CVE-2024-11991MEDIUMCVSS 5.6EG 5.62024-12-09
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canis…
- CVE-2024-12085HIGHCVSS 7.5EG 7.52025-01-14
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one…
- CVE-2024-13164HIGHCVSS 7.8EG 7.82025-01-14
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
- CVE-2024-1847HIGHCVSS 7.8EG 7.82024-02-28
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings fr…
- CVE-2024-1848HIGHCVSS 7.8EG 7.82024-03-22
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS D…
- CVE-2024-20694MEDIUMCVSS 5.5EG 5.52024-01-09
Windows CoreMessaging Information Disclosure Vulnerability
- CVE-2024-21502HIGHCVSS 7.5EG 7.52024-02-24
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variab…
- CVE-2024-23137HIGHCVSS 7.8EG 7.52024-02-22
A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current p…
- CVE-2024-23159HIGHCVSS 7.8EG 8.82024-06-25
A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current pro…
- CVE-2024-23314HIGHCVSS 7.5EG 7.52024-02-14
When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not eva…
- CVE-2024-26147HIGHCVSS 7.5EG 7.52024-02-21
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plug…
- CVE-2024-26209MEDIUMCVSS 5.5EG 5.52024-04-09
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- CVE-2024-26220MEDIUMCVSS 5.0EG 5.02024-04-09
Windows Mobile Hotspot Information Disclosure Vulnerability
- CVE-2024-26638MEDIUMCVSS 4.4EG 4.42024-03-18
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1] struct msghdr got many new fields recently, we sho…
Map vulnerabilities like CWE-908 to your infrastructure
EchelonGraph correlates every CVE — across CWE-908 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →