Total
215 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38246 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-08-15 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-29925 | 1 Fujielectric | 1 V-sft | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2022-46280 | 1 Openbabel | 1 Open Babel | 2023-07-27 | N/A | 7.8 HIGH |
| A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-44451 | 1 Openbabel | 1 Open Babel | 2023-07-27 | N/A | 7.8 HIGH |
| A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-42885 | 1 Openbabel | 1 Open Babel | 2023-07-27 | N/A | 7.8 HIGH |
| A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-30540 | 1 Hornerautomation | 1 Cscape | 2023-06-28 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | |||||
| CVE-2022-29488 | 1 Hornerautomation | 1 Cscape | 2023-06-28 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-28690 | 1 Hornerautomation | 1 Cscape | 2023-06-28 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-1016 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-06-27 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | |||||
| CVE-2023-21618 | 1 Adobe | 1 Substance 3d Designer | 2023-06-27 | N/A | 7.8 HIGH |
| Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-29568 | 1 Google | 1 Tensorflow | 2023-06-26 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of `shape`. If `shape` argument is empty, then `shape_tensor.flat<T>()` is an empty array. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2023-31244 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2023-06-12 | N/A | 7.8 HIGH |
| The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. | |||||
| CVE-2023-24826 | 1 Riot-os | 1 Riot | 2023-06-06 | N/A | 7.5 HIGH |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR. | |||||
| CVE-2023-25007 | 1 Autodesk | 1 3ds Max Usd | 2023-05-22 | N/A | 7.8 HIGH |
| A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution. | |||||
| CVE-2023-29286 | 1 Adobe | 1 Substance 3d Painter | 2023-05-17 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-29278 | 1 Adobe | 1 Substance 3d Painter | 2023-05-17 | N/A | 7.8 HIGH |
| Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-30847 | 1 Dena | 1 H2o | 2023-05-09 | N/A | 8.2 HIGH |
| H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later. | |||||
| CVE-2023-26386 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2023-04-19 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-26387 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2023-04-19 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-43609 | 1 Ironcad | 1 Ironcad | 2023-04-07 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. When parsing the VECTOR element, the process does not properly initialize a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17672. | |||||