CWE-665 352 個 CVE MITRE 定義 ↗

CWE-665:Improper Initialization

概覽

CWE-665(Improper Initialization)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-44434 2026-07-16 Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit dccf5d4, Quicly was vulnerable to stateless reset injection through lack of packet…
CVE-2026-54777 2026-07-08 CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe i…
CVE-2026-54409 2026-07-02 A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Pr…
CVE-2026-54279 2026-06-22 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save() and then restored later with CookieJar.load() lo…
CVE-2026-12539 2026-06-18 Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart…
CVE-2025-35991 2026-05-12 Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a…
CVE-2026-34553 2026-03-31 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and o…
CVE-2026-0940 2026-03-11 A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
CVE-2025-66363 2026-03-03 An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.
CVE-2026-26958 2026-02-19 filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid re…
CVE-2025-48509 2026-02-10 Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory …
CVE-2025-25058 2026-02-10 Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an info…
CVE-2026-23553 2026-01-28 In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents …
CVE-2026-21913 2026-01-15 An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a De…
CVE-2025-14955 2025-12-19 A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation re…
CVE-2025-12902 2025-11-07 Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked Storage Device or create a Denial of …
CVE-2025-55118 2025-09-16 Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configura…
CVE-2024-36331 2025-09-06 Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.
CVE-2025-24511 2025-08-12 Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via da…
CVE-2025-22834 2025-08-12 AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected s…

曾用名

  • Incorrect or Incomplete Initialization (2009-01-12)

內容提交

名稱
PLOVER
日期
2008-04-11
版本
Draft 9

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Sean Eidemiller 1.0 added/updated demonstrative examples
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-01-12 CWE Content Team 1.2 updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities
2009-03-10 CWE Content Team 1.3 updated Potential_Mitigations
2009-05-27 CWE Content Team 1.4 updated Description, Relationships
2009-07-27 CWE Content Team 1.5 updated Related_Attack_Patterns
2009-10-29 CWE Content Team 1.6 updated Common_Consequences
2010-02-16 CWE Content Team 1.8 updated Potential_Mitigations
2010-04-05 CWE Content Team 1.8.1 updated Applicable_Platforms
2010-06-21 CWE Content Team 1.9 updated Detection_Factors, Potential_Mitigations
2010-09-27 CWE Content Team 1.10 updated Observed_Examples
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings
2013-02-21 CWE Content Team 2.4 updated Demonstrative_Examples, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-01-19 CWE Content Team 2.10 updated Type
2017-11-08 CWE Content Team 3.0 updated References, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Relationships
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Observed_Examples
2023-01-31 CWE Content Team 4.10 updated Description, Potential_Mitigations, Relationships
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Relationships
2024-02-29 CWE Content Team 4.14 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated References, Relationships
2025-12-11 CWE Content Team 4.19 updated Observed_Examples
2026-04-30 CWE Content Team 4.20 updated Potential_Mitigations
cvelogic Threat Intelligence