CVE-2018-3970

MEDIUM Year: 2018
CVSS v3 Score
4.0
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-908
View all →

Vulnerability Description

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Related Vulnerabilities

CVE-2021-21781

MEDIUM
CVSS:4.0(Medium)

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application ...

CWE-9082021

CVE-2021-47096

MEDIUM
CVSS:4.0(Medium)

In the Linux kernel, the following vulnerability has been resolved: ALSA: rawmidi - fix the uninitalized user_pversion The user_pversion was uninitialized for the user space file structure in the open...

CWE-9082021

CVE-2021-34999

LOW
CVSS:3.8(Low)

OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Ope...

CWE-9082021

CVE-2017-5102

MEDIUM
CVSS:4.3(Medium)

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process mem...

CWE-9082017

CVE-2017-5103

MEDIUM
CVSS:4.3(Medium)

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a...

CWE-9082017

CVE-2018-1037

MEDIUM
CVSS:4.3(Medium)

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Stud...

CWE-9082018