Total
318 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28690 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2022-29488 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2022-30540 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | ||||
| CVE-2022-3378 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write. | ||||
| CVE-2022-3377 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read. | ||||
| CVE-2022-2952 | 1 Ge | 1 Cimplicity | 2025-04-16 | 7.8 High |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2022-3084 | 1 Ge | 1 Cimplicity | 2025-04-16 | 7.8 High |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2022-21168 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2025-04-16 | 3.3 Low |
| The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. | ||||
| CVE-2021-42702 | 1 Inkscape | 1 Inkscape | 2025-04-16 | 3.3 Low |
| Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information. | ||||
| CVE-2022-38138 | 1 Trianglemicroworks | 2 Iec 60870-6 Software Library, Iec 61850 Software Library | 2025-04-16 | 7.5 High |
| The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition. | ||||
| CVE-2022-34480 | 1 Mozilla | 1 Firefox | 2025-04-15 | 8.8 High |
| Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102. | ||||
| CVE-2016-1005 | 7 Adobe, Apple, Google and 4 more | 16 Air, Air Desktop Runtime, Air Sdk and 13 more | 2025-04-12 | 8.8 High |
| Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. | ||||
| CVE-2014-1564 | 2 Mozilla, Opensuse | 4 Firefox, Thunderbird, Evergreen and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image. | ||||
| CVE-2016-4343 | 3 Opensuse, Php, Redhat | 3 Opensuse, Php, Rhel Software Collections | 2025-04-12 | 8.8 High |
| The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. | ||||
| CVE-2011-0479 | 1 Google | 2 Chrome, Chrome Os | 2025-04-11 | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. | ||||
| CVE-2011-1814 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2010-1818 | 1 Apple | 1 Quicktime | 2025-04-11 | N/A |
| The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer. | ||||
| CVE-2023-22398 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-04-07 | 5.3 Medium |
| An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S12; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R1-S1, 21.1R2; Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-EVO. | ||||
| CVE-2023-22366 | 1 Omron | 2 Cx-motion-mch, Cx-motion-mch Firmware | 2025-04-03 | 7.8 High |
| CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | ||||
| CVE-2023-24561 | 1 Siemens | 1 Solid Edge Se2023 | 2025-03-20 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||