CWE-909
Allowed-with-ReviewMissing Initialization of Resource
Abstraction: Class · Status: Incomplete
The product does not initialize a critical resource.
96 vulnerabilities reference this CWE, most recent first.
CVE-2021-3655 (GCVE-0-2021-3655)
Vulnerability from cvelistv5 – Published: 2021-08-05 20:48 – Updated: 2024-08-03 17:01| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1984024 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel v5.14-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-909",
"description": "CWE-909",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T00:06:30.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel v5.14-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-909"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024"
},
{
"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3655",
"datePublished": "2021-08-05T20:48:04.000Z",
"dateReserved": "2021-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12523 (GCVE-0-2020-12523)
Vulnerability from cvelistv5 – Published: 2020-12-17 22:43 – Updated: 2024-09-16 19:04- CWE-909 - Missing Initialization of Resource
| URL | Tags |
|---|---|
| https://cert.vde.com/en-us/advisories/vde-2020-046 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Phoenix Contact | TC MGUARD RS4000 4G VZW VPN (1010461) |
Affected:
unspecified , < 8.8.3
(custom)
|
|
| Phoenix Contact | TC MGUARD RS4000 4G ATT VPN (1010463) |
Affected:
unspecified , < 8.8.3
(custom)
|
|
| Phoenix Contact | FL MGUARD RS4004 TX/DTX (2701876) |
Affected:
unspecified , < 8.8.3
(custom)
|
|
| Phoenix Contact | FL MGUARD RS4004 TX/DTX VPN (2701877) |
Affected:
unspecified , < 8.8.3
(custom)
|
|
| Phoenix Contact | TC MGUARD RS4000 3G VPN (2903440) |
Affected:
unspecified , < 8.8.3
(custom)
|
|
| Phoenix Contact | TC MGUARD RS4000 4G VPN (2903586) |
Affected:
unspecified , < 8.8.3
(custom)
|
|
| Innominate | Innominate mGuard rs4000 4TX/TX |
Affected:
unspecified , < 8.8.3
(custom)
|
|
| Innominate | Innominate mGuard rs4000 4TX/TX VPN |
Affected:
unspecified , < 8.8.3
(custom)
|
|
| Innominate | Innominate mGuard rs4000 4TX/3G/TX VPN |
Affected:
unspecified , < 8.8.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TC MGUARD RS4000 4G VZW VPN (1010461)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TC MGUARD RS4000 4G ATT VPN (1010463)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "FL MGUARD RS4004 TX/DTX (2701876)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "FL MGUARD RS4004 TX/DTX VPN (2701877)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TC MGUARD RS4000 3G VPN (2903440)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TC MGUARD RS4000 4G VPN (2903586)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Innominate mGuard rs4000 4TX/TX",
"vendor": "Innominate",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Innominate mGuard rs4000 4TX/TX VPN",
"vendor": "Innominate",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Innominate mGuard rs4000 4TX/3G/TX VPN",
"vendor": "Innominate",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by SMST Designers \u0026 Constructors B.V., Phoenix Contact reported to CERT@VDE"
}
],
"datePublic": "2020-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-909",
"description": "CWE-909 Missing Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T22:43:14.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-046"
}
],
"solutions": [
{
"lang": "en",
"value": "PHOENIX CONTACT recommends all mGuard users to upgrade to the firmware version 8.8.3."
}
],
"source": {
"advisory": "VDE-2020-046",
"defect": [
"VDE-2020-046"
],
"discovery": "EXTERNAL"
},
"title": "Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration",
"workarounds": [
{
"lang": "en",
"value": "Instead of deactivating by configuration, network cables should be detached from affected switch ports."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-12-17T09:00:00.000Z",
"ID": "CVE-2020-12523",
"STATE": "PUBLIC",
"TITLE": "Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TC MGUARD RS4000 4G VZW VPN (1010461)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "TC MGUARD RS4000 4G ATT VPN (1010463)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "FL MGUARD RS4004 TX/DTX (2701876)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "FL MGUARD RS4004 TX/DTX VPN (2701877)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "TC MGUARD RS4000 3G VPN (2903440)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "TC MGUARD RS4000 4G VPN (2903586)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
}
]
},
"vendor_name": "Phoenix Contact"
},
{
"product": {
"product_data": [
{
"product_name": "Innominate mGuard rs4000 4TX/TX",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "Innominate mGuard rs4000 4TX/TX VPN",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "Innominate mGuard rs4000 4TX/3G/TX VPN",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
}
]
},
"vendor_name": "Innominate"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Discovered by SMST Designers \u0026 Constructors B.V., Phoenix Contact reported to CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource"
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-909 Missing Initialization of Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-046",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-046"
}
]
},
"solution": [
{
"lang": "en",
"value": "PHOENIX CONTACT recommends all mGuard users to upgrade to the firmware version 8.8.3."
}
],
"source": {
"advisory": "VDE-2020-046",
"defect": [
"VDE-2020-046"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Instead of deactivating by configuration, network cables should be detached from affected switch ports."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12523",
"datePublished": "2020-12-17T22:43:14.788Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:04:46.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3804 (GCVE-0-2019-3804)
Vulnerability from cvelistv5 – Published: 2019-03-26 00:00 – Updated: 2024-08-04 19:19{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:1569",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1569"
},
{
"name": "RHSA-2019:1571",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1571"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-project/cockpit/pull/10819"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cockpit",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "184"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that cockpit before version 184 used glib\u0027s base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-909",
"description": "CWE-909",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2019:1569",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1569"
},
{
"name": "RHSA-2019:1571",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1571"
},
{
"url": "https://github.com/cockpit-project/cockpit/pull/10819"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804"
},
{
"url": "https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3804",
"datePublished": "2019-03-26T00:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-24G6-5RX7-58WJ
Vulnerability from github – Published: 2022-01-06 22:18 – Updated: 2022-01-07 16:13An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChannelIterator compiler optimization.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.27.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-25054"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-06T18:31:07Z",
"nvd_published_at": "2021-12-27T00:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChannelIterator compiler optimization.",
"id": "GHSA-24g6-5rx7-58wj",
"modified": "2022-01-07T16:13:36Z",
"published": "2022-01-06T22:18:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25054"
},
{
"type": "WEB",
"url": "https://github.com/libpnet/libpnet/issues/449"
},
{
"type": "WEB",
"url": "https://github.com/libpnet/libpnet"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/pnet/RUSTSEC-2019-0037.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0037.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Missing Initialization of Resource in pnet"
}
GHSA-28Q3-MX7C-4CC3
Vulnerability from github – Published: 2022-08-27 00:00 – Updated: 2022-09-02 00:01A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-0175"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-26T18:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.",
"id": "GHSA-28q3-mx7c-4cc3",
"modified": "2022-09-02T00:01:10Z",
"published": "2022-08-27T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0175"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-0175"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039003"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0175"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2M5X-JQMF-GR49
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2022-05-24 17:02In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
{
"affected": [],
"aliases": [
"CVE-2019-19534"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-03T16:15:00Z",
"severity": "LOW"
},
"details": "In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.",
"id": "GHSA-2m5x-jqmf-gr49",
"modified": "2022-05-24T17:02:35Z",
"published": "2022-05-24T17:02:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19534"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4225-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4225-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4226-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4227-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4227-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4228-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4228-2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2M75-32F4-6FHR
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19There is an Uninitialized variable vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of invalid data.
{
"affected": [],
"aliases": [
"CVE-2021-22482"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-28T13:15:00Z",
"severity": "MODERATE"
},
"details": "There is an Uninitialized variable vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of invalid data.",
"id": "GHSA-2m75-32f4-6fhr",
"modified": "2022-05-24T19:19:07Z",
"published": "2022-05-24T19:19:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22482"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2021/7"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2R5V-RG6V-8XG5
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-10-27 19:00A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
{
"affected": [],
"aliases": [
"CVE-2021-3655"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-05T21:15:00Z",
"severity": "LOW"
},
"details": "A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.",
"id": "GHSA-2r5v-rg6v-8xg5",
"modified": "2022-10-27T19:00:41Z",
"published": "2022-05-24T19:10:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3655"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984024"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-32H2-7245-4MH4
Vulnerability from github – Published: 2024-01-04 00:30 – Updated: 2024-01-04 00:30Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
{
"affected": [],
"aliases": [
"CVE-2023-5138"
],
"database_specific": {
"cwe_ids": [
"CWE-1319",
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-03T23:15:08Z",
"severity": "MODERATE"
},
"details": "Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.",
"id": "GHSA-32h2-7245-4mh4",
"modified": "2024-01-04T00:30:20Z",
"published": "2024-01-04T00:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5138"
},
{
"type": "WEB",
"url": "https://community.silabs.com/069Vm0000004f6DIAQ"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-355F-MPQR-3MWV
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20An issue was discovered in LibVNCServer before 0.9.13. There is a memory leak in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
{
"affected": [],
"aliases": [
"CVE-2018-21247"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-17T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in LibVNCServer before 0.9.13. There is a memory leak in the libvncclient/rfbproto.c ConnectToRFBRepeater function.",
"id": "GHSA-355f-mpqr-3mwv",
"modified": "2022-05-24T17:20:41Z",
"published": "2022-05-24T17:20:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21247"
},
{
"type": "WEB",
"url": "https://github.com/LibVNC/libvncserver/issues/253"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
},
{
"type": "WEB",
"url": "https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all specified steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile your product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.