Total
263 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9670 | 1 Gnuplot Project | 1 Gnuplot | 2025-04-20 | N/A |
| An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file. | ||||
| CVE-2022-28690 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2022-29488 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2022-30540 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | ||||
| CVE-2022-3378 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write. | ||||
| CVE-2022-3377 | 1 Hornerautomation | 1 Cscape | 2025-04-16 | 7.8 High |
| Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read. | ||||
| CVE-2022-2952 | 1 Ge | 1 Cimplicity | 2025-04-16 | 7.8 High |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2022-3084 | 1 Ge | 1 Cimplicity | 2025-04-16 | 7.8 High |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2022-21168 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2025-04-16 | 3.3 Low |
| The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. | ||||
| CVE-2021-42702 | 1 Inkscape | 1 Inkscape | 2025-04-16 | 3.3 Low |
| Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information. | ||||
| CVE-2022-38138 | 1 Trianglemicroworks | 2 Iec 60870-6 Software Library, Iec 61850 Software Library | 2025-04-16 | 7.5 High |
| The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition. | ||||
| CVE-2022-34480 | 1 Mozilla | 1 Firefox | 2025-04-15 | 8.8 High |
| Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102. | ||||
| CVE-2016-4343 | 3 Opensuse, Php, Redhat | 3 Opensuse, Php, Rhel Software Collections | 2025-04-12 | 8.8 High |
| The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. | ||||
| CVE-2014-1564 | 2 Mozilla, Opensuse | 4 Firefox, Thunderbird, Evergreen and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image. | ||||
| CVE-2016-1005 | 7 Adobe, Apple, Google and 4 more | 16 Air, Air Desktop Runtime, Air Sdk and 13 more | 2025-04-12 | 8.8 High |
| Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. | ||||
| CVE-2024-8645 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 5.5 Medium |
| SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2010-1818 | 1 Apple | 1 Quicktime | 2025-04-11 | N/A |
| The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer. | ||||
| CVE-2011-1814 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2011-0479 | 1 Google | 2 Chrome, Chrome Os | 2025-04-11 | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. | ||||
| CVE-2007-4000 | 3 Fedoraproject, Mit, Redhat | 3 Fedora, Kerberos 5, Enterprise Linux | 2025-04-09 | N/A |
| The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | ||||