Vulnerabilities (CVE)

Filtered by CWE-824
Total 211 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40643 1 Ansys 1 Spaceclaim 2024-11-21 N/A 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17407.
CVE-2022-40642 1 Ansys 1 Spaceclaim 2024-11-21 N/A 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17318.
CVE-2022-3378 1 Hornerautomation 1 Cscape 2024-11-21 N/A 7.8 HIGH
Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write.
CVE-2022-3377 1 Hornerautomation 1 Cscape 2024-11-21 N/A 7.8 HIGH
Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read.
CVE-2022-3084 1 Ge 1 Cimplicity 2024-11-21 N/A 7.8 HIGH
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code.
CVE-2022-39147 1 Siemens 2 Parasolid, Simcenter Femap 2024-11-21 N/A 7.8 HIGH
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506)
CVE-2022-39146 1 Siemens 2 Parasolid, Simcenter Femap 2024-11-21 N/A 7.8 HIGH
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17502)
CVE-2022-38427 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2024-11-21 N/A 7.8 HIGH
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-38426 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2024-11-21 N/A 7.8 HIGH
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-38138 1 Trianglemicroworks 2 Iec 60870-6 Software Library, Iec 61850 Software Library 2024-11-21 N/A 7.5 HIGH
The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition.
CVE-2022-34480 1 Mozilla 1 Firefox 2024-11-21 N/A 8.8 HIGH
Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.
CVE-2022-34244 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2024-11-21 N/A 5.5 MEDIUM
Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-34228 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 N/A 7.8 HIGH
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-33280 1 Qualcomm 124 Apq8096au, Apq8096au Firmware, Ar8031 and 121 more 2024-11-21 N/A 7.3 HIGH
Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.
CVE-2022-32136 1 Codesys 2 Plcwinnt, Runtime Toolkit 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required.
CVE-2022-31759 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 2.1 LOW 5.5 MEDIUM
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31599 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2024-11-21 4.6 MEDIUM 8.2 HIGH
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
CVE-2022-30540 1 Hornerautomation 1 Cscape 2024-11-21 6.8 MEDIUM 7.8 HIGH
The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code
CVE-2022-2952 1 Ge 1 Cimplicity 2024-11-21 N/A 7.8 HIGH
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
CVE-2022-29925 1 Fujielectric 1 V-sft 2024-11-21 6.8 MEDIUM 7.8 HIGH
Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.