Total
248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44451 | 1 Openbabel | 1 Open Babel | 2025-03-05 | 9.8 Critical |
| A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-57943 | 1 Linux | 1 Linux Kernel | 2025-02-28 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses folio_zero_new_buffers() to zero the new buffers before ->write_end(). | ||||
| CVE-2023-38234 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-02-27 | 7.8 High |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-21971 | 1 Microsoft | 9 Windows 10 1809, Windows 10 1909, Windows 10 20h2 and 6 more | 2025-02-24 | 7.8 High |
| Windows Runtime Remote Code Execution Vulnerability | ||||
| CVE-2022-43609 | 1 Ironcad | 1 Ironcad | 2025-02-14 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. When parsing the VECTOR element, the process does not properly initialize a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17672. | ||||
| CVE-2022-4744 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-02-14 | 7.8 High |
| A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||||
| CVE-2015-1770 | 1 Microsoft | 1 Office | 2025-02-10 | 8.8 High |
| Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability." | ||||
| CVE-2023-35712 | 1 Ashlar | 1 Cobalt | 2025-02-04 | 7.8 High |
| Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20200. | ||||
| CVE-2024-57874 | 1 Linux | 1 Linux Kernel | 2025-02-03 | 6.1 Medium |
| In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently tagged_addr_ctrl_set() will consume an arbitrary value, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. As set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and rejects other values, a partial SETREGSET attempt will randomly succeed or fail depending on the value of the uninitialized value, and the exposure is significantly limited. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing value of the tagged address ctrl will be retained. The NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the user_aarch64_view used by a native AArch64 task to manipulate another native AArch64 task. As get_tagged_addr_ctrl() only returns an error value when called for a compat task, tagged_addr_ctrl_get() and tagged_addr_ctrl_set() should never observe an error value from get_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that such an error would be unexpected, and error handlnig is not missing in either case. | ||||
| CVE-2023-30847 | 1 Dena | 1 H2o | 2025-01-30 | 8.2 High |
| H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later. | ||||
| CVE-2023-25007 | 1 Autodesk | 1 3ds Max Usd | 2025-01-24 | 7.8 High |
| A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution. | ||||
| CVE-2024-26004 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-23 | 7.5 High |
| An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality. | ||||
| CVE-2021-26093 | 1 Fortinet | 1 Fortiwlc | 2025-01-21 | 6.6 Medium |
| An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command. | ||||
| CVE-2006-0054 | 1 Freebsd | 1 Freebsd | 2025-01-16 | 5.3 Medium |
| The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. | ||||
| CVE-2023-43531 | 1 Qualcomm | 256 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 253 more | 2025-01-15 | 8.4 High |
| Memory corruption while verifying the serialized header when the key pairs are generated. | ||||
| CVE-2023-24826 | 1 Riot-os | 1 Riot | 2025-01-10 | 5.9 Medium |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR. | ||||
| CVE-2023-31244 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2025-01-07 | 7.8 High |
| The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. | ||||
| CVE-2024-42116 | 2024-12-19 | 4.4 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-50100 | 1 Linux | 1 Linux Kernel | 2024-12-19 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out that the problems are caused by a subtle difference between the timer_pending() and hrtimer_active() APIs. The changeover blindly replaced the first by the second. However, timer_pending() returns True when the timer is queued but not when its callback is running, whereas hrtimer_active() returns True when the hrtimer is queued _or_ its callback is running. This difference occasionally caused dummy_urb_enqueue() to think that the callback routine had not yet started when in fact it was almost finished. As a result the hrtimer was not restarted, which made it impossible for the driver to dequeue later the URB that was just enqueued. This caused usb_kill_urb() to hang, and things got worse from there. Since hrtimers have no API for telling when they are queued and the callback isn't running, the driver must keep track of this for itself. That's what this patch does, adding a new "timer_pending" flag and setting or clearing it at the appropriate times. | ||||
| CVE-2024-50088 | 1 Linux | 1 Linux Kernel | 2024-12-19 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_one_inode() returns NULL, dir = read_one_inode(root, parent_objectid); if (!dir) { ret = -ENOENT; goto out; } inode = read_one_inode(root, inode_objectid); if (!inode) { ret = -EIO; goto out; } then "name.name" would be freed on "out" before being initialized. out: ... kfree(name.name); This issue was reported by Coverity with CID 1526744. | ||||