Total
214 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-26004 | 2024-06-28 | 7.5 High | ||
An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality. | ||||
CVE-2024-24925 | 2024-06-07 | 7.8 High | ||
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060) | ||||
CVE-2023-47044 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-06-06 | 5.5 Medium |
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-32998 | 2024-06-04 | 5.9 Medium | ||
NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-33608 | 2024-06-04 | 7.5 High | ||
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-34288 | 2024-06-04 | N/A | ||
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17966. | ||||
CVE-2023-35715 | 2024-06-04 | N/A | ||
Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20408. | ||||
CVE-2023-35713 | 2024-06-04 | N/A | ||
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20201. | ||||
CVE-2023-35712 | 2024-06-04 | N/A | ||
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20200. | ||||
CVE-2021-29098 | 1 Esri | 4 Arcgis, Arcgis Pro, Arcmap and 1 more | 2024-05-21 | 7.8 High |
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | ||||
CVE-2023-43531 | 2024-05-06 | 8.4 High | ||
Memory corruption while verifying the serialized header when the key pairs are generated. | ||||
CVE-2023-34272 | 2024-05-03 | N/A | ||
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182. | ||||
CVE-2023-34263 | 2024-05-03 | N/A | ||
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162. | ||||
CVE-2022-33280 | 1 Qualcomm | 124 Apq8096au, Apq8096au Firmware, Ar8031 and 121 more | 2024-04-12 | 8.8 High |
Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet. | ||||
CVE-2024-21919 | 2024-03-26 | 7.8 High | ||
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | ||||
CVE-2021-29095 | 1 Esri | 1 Arcgis Server | 2024-02-23 | 6.8 Medium |
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. | ||||
CVE-2006-0054 | 1 Freebsd | 1 Freebsd | 2024-02-13 | N/A |
The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. | ||||
CVE-2003-1201 | 1 Openldap | 1 Openldap | 2024-02-13 | N/A |
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault). | ||||
CVE-2006-6143 | 2 Canonical, Mit | 2 Ubuntu Linux, Kerberos 5 | 2024-02-09 | N/A |
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | ||||
CVE-2009-0040 | 6 Apple, Debian, Fedoraproject and 3 more | 9 Iphone Os, Mac Os X, Debian Linux and 6 more | 2024-02-09 | N/A |
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. |