CWE-908: CWE-908
Yearly Trend
Top Affected Vendors
All CWE-908 CVEs (203)
CVE-2024-32611 is a critical vulnerability in the HDF5 library where uninitialized memory usage in attribute handling functions could lead to arbitrar...
May 14, 2024This critical vulnerability in Windows Network File System (NFS) allows unauthenticated remote attackers to execute arbitrary code on affected systems...
May 9, 2023This vulnerability in the csv-sniffer Rust crate allows reading from uninitialized memory locations, which could lead to information disclosure or mem...
Dec 27, 2021This vulnerability in the ash crate for Rust allows reading from uninitialized memory locations via the util::read_spv function. Attackers could explo...
Dec 27, 2021This vulnerability in the messagepack-rs Rust crate allows attackers to read uninitialized memory during binary deserialization. This can lead to info...
Dec 27, 2021This vulnerability in the messagepack-rs Rust crate allows attackers to read uninitialized memory during deserialization of certain extension types. T...
Dec 27, 2021CVE-2021-45703 is a memory safety vulnerability in the tectonic_xdv Rust crate where XdvParser::<T>::process can read from uninitialized memory locati...
Dec 27, 2021This vulnerability in the Rust buffoon crate allows attackers to read from uninitialized memory locations via InputStream::read_exact. This can lead t...
Dec 27, 2021This vulnerability in the acc_reader Rust crate allows attackers to read from uninitialized memory locations via the fill_buf function. This can lead ...
Dec 27, 2021CVE-2021-45682 is a memory safety vulnerability in the bronzedb-protocol Rust crate where ReadKVExt may read from uninitialized memory locations. This...
Dec 27, 2021This vulnerability in the flumedb Rust crate allows attackers to read from uninitialized memory locations via the read_entry function. This can lead t...
Dec 27, 2021This vulnerability in libp2p-deflate crate for Rust allows reading uninitialized memory due to passing an uninitialized buffer to AsyncRead::poll_read...
Aug 8, 2021This vulnerability in the array-tools Rust crate allows attackers to cause memory corruption by exploiting uninitialized memory drops in the FixedCapa...
Aug 8, 2021This vulnerability in the alg_ds Rust crate allows attackers to trigger undefined behavior by causing uninitialized memory to be dropped in Matrix::ne...
Aug 8, 2021CVE-2018-25014 is a use-after-free vulnerability in libwebp's ReadSymbol() function that allows attackers to execute arbitrary code or cause denial of...
May 21, 2021This vulnerability in the adtensor Rust crate allows attackers to trigger use of uninitialized memory through the FromIterator implementation for Vect...
Apr 1, 2021This vulnerability in the byte_struct Rust crate allows attackers to cause memory corruption by triggering a panic during deserialization, potentially...
Mar 5, 2021This vulnerability in the stack_dst Rust crate allows use-after-free of uninitialized memory when a panic occurs during cloning operations. This can l...
Mar 5, 2021CVE-2021-26305 is a deserialization vulnerability in the cdr crate for Rust that allows a malicious Read implementation to access uninitialized heap m...
Jan 29, 2021This vulnerability involves uninitialized memory in Firefox's Graphics: Text component, which could allow attackers to read sensitive data from memory...
Feb 24, 2026This CVE-2024-47685 is a Linux kernel vulnerability in the netfilter IPv6 rejection module where uninitialized memory from TCP header reserved bits co...
Oct 21, 2024CVE-2021-25905 is a memory safety vulnerability in the bra crate for Rust that allows reading uninitialized memory. This affects any Rust application ...
Jan 26, 2021This vulnerability in Microsoft Host Integration Server 2020 allows remote attackers to execute arbitrary code on affected systems. Attackers can expl...
Nov 14, 2023This vulnerability allows an attacker to execute arbitrary code on affected Android devices by exploiting an uninitialized data condition in the NuMed...
Jun 15, 2023This vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird involves using an uninitialized value as a read limit when processing files, poten...
Jun 2, 2023This vulnerability allows remote attackers to execute arbitrary code on systems using vulnerable Microsoft PostScript and PCL6 Class Printer Drivers. ...
Apr 11, 2023CVE-2022-35414 is an uninitialized read vulnerability in QEMU's memory management component that can lead to crashes when handling I/O operations. Thi...
Jul 11, 2022This CVE describes a double-free vulnerability in Android's NFC stack that could allow remote code execution without user interaction. An attacker cou...
Jun 11, 2021This vulnerability in Google Chrome's PDFium component allows attackers to read uninitialized memory from the browser process by tricking users into o...
Mar 9, 2021A hard-coded password vulnerability in Dell ControlVault3 and ControlVault3 Plus drivers allows attackers to execute privileged operations via special...
Nov 17, 2025A privilege escalation vulnerability in Dell ControlVault3 and ControlVault3 Plus biometric drivers allows attackers to gain elevated system privilege...
Nov 17, 2025CVE-2020-11260 is a memory corruption vulnerability in Qualcomm's DIAG services where improper freeing of uninitialized memory can lead to arbitrary c...
Jun 9, 2021CVE-2025-33070 is a privilege escalation vulnerability in Windows Netlogon service where uninitialized resources allow unauthorized attackers to gain ...
Jun 10, 2025This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PGM image files in GIMP. The flaw exists...
Feb 20, 2026This vulnerability in Simcenter Femap allows attackers to execute arbitrary code by tricking users into opening malicious SLDPRT files. All Simcenter ...
Dec 12, 2025This CVE-2022-50546 is a Linux kernel vulnerability in the ext4 filesystem where uninitialized memory in the 'ext4_evict_inode' function can be access...
Oct 7, 2025A memory corruption vulnerability in the Linux kernel's SCTP (Stream Control Transmission Protocol) implementation allows uninitialized memory access ...
Sep 4, 2025This CVE involves an uninitialized memory vulnerability in the Linux kernel's F2FS filesystem driver. Attackers could exploit this to cause kernel cra...
Aug 19, 2025A kernel memory disclosure vulnerability in the Linux kernel's PPTP implementation allows reading uninitialized data from kernel memory. This affects ...
Aug 19, 2025An uninitialized resource vulnerability in Ivanti Endpoint Manager (EPM) allows local authenticated attackers to escalate privileges. This affects Iva...
Jan 14, 2025This vulnerability allows remote code execution through specially crafted Excel files. Attackers can exploit this by tricking users into opening malic...
Nov 12, 2024This CVE addresses an uninitialized value vulnerability in the Linux kernel's UDF filesystem driver. An attacker could exploit this to read uninitiali...
Nov 7, 2024A vulnerability in the Linux kernel's GPIO character device driver allows reading uninitialized memory when a GPIO line is configured with software de...
May 30, 2024A Linux kernel vulnerability where CPU hotplug operations leave stale shadow call stack (SCS) and KASAN shadow memory in idle tasks, causing memory le...
May 24, 2024This is a race condition vulnerability in the Linux kernel's fork mechanism that can lead to use-after-free conditions when handling hugetlbfs memory ...
May 1, 2024This vulnerability allows remote attackers to execute arbitrary code on systems running the iSCSI Target WMI Provider. Attackers can exploit this with...
Jun 14, 2023This vulnerability in FreeBSD's bhyve hypervisor allows malicious virtual machine guests to cause memory corruption in the host's bhyve process. This ...
Aug 30, 2021CVE-2021-0495 is a memory management driver vulnerability in Android System-on-Chip (SoC) components that allows local privilege escalation through an...
Jun 11, 2021This is a remote code execution vulnerability in Microsoft Excel where specially crafted files can execute arbitrary code when opened. It affects user...
Oct 16, 2020This Windows networking vulnerability allows attackers to read sensitive information from system memory without authorization. It affects Windows syst...
Sep 10, 2024About CWE-908 (CWE-908)
Our database tracks 203 CVEs classified as CWE-908, with 22 rated critical and 71 rated high severity. The average CVSS score for CWE-908 vulnerabilities is 6.7.
External reference: View CWE-908 on MITRE CWE →
Monitor CWE-908 Vulnerabilities
Get alerted when new CWE-908 CVEs affect your infrastructure.
Start Monitoring Free