Total
208 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31599 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-02-28 | 4.6 MEDIUM | 8.2 HIGH |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
CVE-2022-38427 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-02-28 | N/A | 7.8 HIGH |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-34244 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-41851 | 1 Siemens | 2 Jt Open Toolkit, Simcenter Femap | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973) | |||||
CVE-2022-34228 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | N/A | 7.8 HIGH |
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-40646 | 1 Ansys | 1 Spaceclaim | 2024-02-28 | N/A | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17541. | |||||
CVE-2022-29055 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-02-28 | N/A | 7.5 HIGH |
A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request. | |||||
CVE-2022-21156 | 1 Intel | 1 Trace Analyzer And Collector | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2022-1809 | 1 Radare | 1 Radare2 | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. | |||||
CVE-2021-42702 | 1 Inkscape | 1 Inkscape | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information. | |||||
CVE-2022-32136 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. | |||||
CVE-2022-31759 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. | |||||
CVE-2022-30540 | 1 Hornerautomation | 1 Cscape | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | |||||
CVE-2022-29033 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
CVE-2021-3608 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-02-28 | 4.9 MEDIUM | 6.0 MEDIUM |
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. | |||||
CVE-2022-22198 | 1 Juniper | 45 Junos, Mx10, Mx10000 and 42 more | 2024-02-28 | 7.1 HIGH | 7.5 HIGH |
An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1. | |||||
CVE-2022-23636 | 1 Bytecodealliance | 1 Wasmtime | 2024-02-28 | 7.1 HIGH | 8.1 HIGH |
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an `externref` global will result in an invalid drop of a `VMExternRef` via an uninitialized pointer. A number of conditions listed in the GitHub Security Advisory must be true in order for an instance to be vulnerable to this issue. Maintainers believe that the effective impact of this bug is relatively small because the usage of `externref` is still uncommon and without a resource limiter configured on the `Store`, which is not the default configuration, it is only possible to trigger the bug from an error returned by `mprotect` or `VirtualAlloc`. Note that on Linux with the `uffd` feature enabled, it is only possible to trigger the bug from a resource limiter as the call to `mprotect` is skipped. The bug has been fixed in 0.34.1 and 0.33.1 and users are encouraged to upgrade as soon as possible. If it is not possible to upgrade to version 0.34.1 or 0.33.1 of the `wasmtime` crate, it is recommend that support for the reference types proposal be disabled by passing `false` to `Config::wasm_reference_types`. Doing so will prevent modules that use `externref` from being loaded entirely. | |||||
CVE-2022-28690 | 1 Hornerautomation | 1 Cscape | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | |||||
CVE-2022-27794 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by the use of a variable that has not been initialized when processing of embedded fonts, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file | |||||
CVE-2022-21168 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. |