Vulnerabilities (CVE)

Filtered by CWE-824
Total 211 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16377 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2024-11-21 9.3 HIGH 8.8 HIGH
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.
CVE-2017-12561 1 Hp 1 Intelligent Management Center 2024-11-21 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.
CVE-2016-4343 2 Opensuse, Php 2 Opensuse, Php 2024-11-21 6.8 MEDIUM 8.8 HIGH
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
CVE-2016-1005 6 Adobe, Apple, Google and 3 more 15 Air, Air Desktop Runtime, Air Sdk and 12 more 2024-11-21 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002.
CVE-2016-10447 1 Qualcomm 40 Mdm9206, Mdm9206 Firmware, Mdm9607 and 37 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, and SDX20, secure UI crash due to uninitialized link list entry in dynamic font module.
CVE-2015-1770 1 Microsoft 1 Office 2024-11-21 9.3 HIGH 8.8 HIGH
Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."
CVE-2014-1564 2 Mozilla, Opensuse 4 Firefox, Thunderbird, Evergreen and 1 more 2024-11-21 4.3 MEDIUM N/A
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.
CVE-2011-1814 1 Google 1 Chrome 2024-11-21 5.8 MEDIUM N/A
Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-0479 1 Google 2 Chrome, Chrome Os 2024-11-21 7.5 HIGH N/A
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.
CVE-2010-1818 1 Apple 1 Quicktime 2024-11-21 9.3 HIGH N/A
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.
CVE-2009-2768 1 Linux 1 Linux Kernel 2024-11-21 7.2 HIGH 7.8 HIGH
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer."
CVE-2009-1721 6 Apple, Canonical, Debian and 3 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2024-11-21 6.8 MEDIUM N/A
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
CVE-2009-1415 1 Gnu 1 Gnutls 2024-11-21 4.3 MEDIUM N/A
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
CVE-2009-0846 5 Apple, Canonical, Fedoraproject and 2 more 9 Mac Os X, Ubuntu Linux, Fedora and 6 more 2024-11-21 10.0 HIGH N/A
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
CVE-2009-0040 6 Apple, Debian, Fedoraproject and 3 more 9 Iphone Os, Mac Os X, Debian Linux and 6 more 2024-11-21 6.8 MEDIUM N/A
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
CVE-2007-4682 1 Apple 1 Mac Os X 2024-11-21 6.8 MEDIUM N/A
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
CVE-2007-4639 1 Enterprisedb 1 Postgres Advanced Server 2024-11-21 6.5 MEDIUM N/A
EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
CVE-2007-4000 2 Fedoraproject, Mit 2 Fedora, Kerberos 5 2024-11-21 8.5 HIGH N/A
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
CVE-2007-2442 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2024-11-21 10.0 HIGH N/A
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
CVE-2007-1213 1 Microsoft 1 Windows 2000 2024-11-21 7.2 HIGH N/A
The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.