Total
203 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-35715 | 2024-09-18 | N/A | 7.8 HIGH | ||
Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20408. | |||||
CVE-2023-35713 | 2024-09-18 | N/A | 7.8 HIGH | ||
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20201. | |||||
CVE-2023-35712 | 2024-09-18 | N/A | 7.8 HIGH | ||
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20200. | |||||
CVE-2023-34288 | 2024-09-18 | N/A | 7.0 HIGH | ||
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17966. | |||||
CVE-2024-8645 | 2024-09-10 | N/A | 5.5 MEDIUM | ||
SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file | |||||
CVE-2021-29098 | 1 Esri | 4 Arcgis Engine, Arcgis Pro, Arcmap and 1 more | 2024-07-11 | 6.8 MEDIUM | 7.8 HIGH |
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | |||||
CVE-2015-1770 | 1 Microsoft | 1 Office | 2024-07-09 | 9.3 HIGH | 8.8 HIGH |
Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability." | |||||
CVE-2022-21971 | 1 Microsoft | 9 Windows 10 1809, Windows 10 1909, Windows 10 20h2 and 6 more | 2024-06-28 | 9.3 HIGH | 7.8 HIGH |
Windows Runtime Remote Code Execution Vulnerability | |||||
CVE-2024-32998 | 2024-05-14 | N/A | 5.9 MEDIUM | ||
NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2024-33608 | 2024-05-08 | N/A | 7.5 HIGH | ||
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2023-43531 | 2024-05-06 | N/A | 8.4 HIGH | ||
Memory corruption while verifying the serialized header when the key pairs are generated. | |||||
CVE-2023-34263 | 2024-05-03 | N/A | 7.8 HIGH | ||
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162. | |||||
CVE-2023-34272 | 2024-05-03 | N/A | 7.8 HIGH | ||
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182. | |||||
CVE-2022-33280 | 1 Qualcomm | 124 Apq8096au, Apq8096au Firmware, Ar8031 and 121 more | 2024-04-12 | N/A | 8.8 HIGH |
Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet. | |||||
CVE-2024-21919 | 2024-03-26 | N/A | 7.8 HIGH | ||
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | |||||
CVE-2024-26004 | 2024-03-12 | N/A | 7.5 HIGH | ||
An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality. | |||||
CVE-2023-44327 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-49131 | 1 Siemens | 1 Solid Edge Se2023 | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
CVE-2023-44362 | 3 Adobe, Apple, Microsoft | 3 Prelude, Macos, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-47582 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-02-28 | N/A | 7.8 HIGH |
Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed. |