CWE-665 · Improper Initialization
349 CVEs classified under CWE-665 (Improper Initialization). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-39864 | Critical | 9.8 | 2024-07-05 | The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port… |
CVE-2021-33635 | Critical | 9.8 | 2023-10-29 | When malicious images are pulled by isula pull, attackers can execute arbitrary code. |
CVE-2022-37128 | Critical | 9.8 | 2022-08-31 | In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. |
CVE-2021-41264 | Critical | 9.8 | 2021-11-12 | OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an… |
CVE-2019-10196 | Critical | 9.8 | 2021-03-19 | A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper… |
CVE-2015-8367 | Critical | 9.8 | 2020-01-14 | The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object in… |
CVE-2019-14271 | Critical | 9.8 | 2019-07-29 | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library… |
CVE-2018-11949 | Critical | 9.8 | 2019-05-24 | Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Sn… |
CVE-2019-3464 | Critical | 9.8 | 2019-02-06 | Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users t… |
CVE-2017-13715 | Critical | 9.8 | 2017-08-29 | The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized… |
CVE-2008-0062 | Critical | 9.8 | 2008-03-19 | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash)… |
CVE-2021-3329 | Critical | 9.6 | 2023-02-26 | Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack |
CVE-2023-0397 | Critical | 9.6 | 2023-01-19 | A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. |
CVE-2022-46164 | Critical | 9.4 | 2022-12-05 | NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payl… |
CVE-2017-5468 | Critical | 9.1 | 2018-06-11 | An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manua… |
CVE-2022-0947 | Critical | 9.0 | 2022-05-10 | A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gatew… |
CVE-2025-55118 | High | 8.9 | 2025-09-16 | Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: *… |
CVE-2024-21807 | High | 8.8 | 2024-08-14 | Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authentica… |
CVE-2023-28737 | High | 8.8 | 2023-11-14 | Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege… |
CVE-2023-27934 | High | 8.8 | 2023-05-08 | A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpecte… |