CWE-824 — Access of Uninitialized Pointer
269 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-824, page 4 of 6
- CVE-2022-41851 | HIGH | CVSS 7.8 | EG 7.8 | 2022-10-11
A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer refe…
- CVE-2022-42885 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-07-21
A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a mali…
- CVE-2022-42895 | MEDIUM | CVSS 5.1 | EG 5.5 | 2022-11-23
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/…
- CVE-2022-43606 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-16
A use-of-uninitialized-pointer vulnerability exists in the Forward Open connection_management_entry functionality of EIP Stack Group OpENer development commit 58ee13c. A specially-crafted EtherNet/IP request can lead to use of a null point…
- CVE-2022-43609 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. …
- CVE-2022-44451 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-07-21
A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a mal…
- CVE-2022-45861 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-07
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 throu…
- CVE-2022-46280 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-07-21
A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a …
- CVE-2023-20594 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-09-20
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
- CVE-2023-20597 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-09-20
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
- CVE-2023-21618 | HIGH | CVSS 7.8 | EG 7.8 | 2023-06-15
Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires …
- CVE-2023-22366 | HIGH | CVSS 7.8 | EG 7.8 | 2023-01-17
CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
- CVE-2023-22398 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-01-13
An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an…
- CVE-2023-24561 | HIGH | CVSS 7.8 | EG 7.8 | 2023-02-14
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted …
- CVE-2023-24562 | HIGH | CVSS 7.8 | EG 7.8 | 2023-02-14
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted …
- CVE-2023-24563 | HIGH | CVSS 7.8 | EG 7.8 | 2023-02-14
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted …
- CVE-2023-24826 | MEDIUM | CVSS 5.9 | EG 5.9 | 2023-05-30
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an …
- CVE-2023-24978 | HIGH | CVSS 7.8 | EG 7.8 | 2023-02-14
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage th…
- CVE-2023-25007 | HIGH | CVSS 7.8 | EG 7.8 | 2023-05-12
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.
- CVE-2023-26334 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac…
- CVE-2023-26344 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL…
- CVE-2023-26370 | HIGH | CVSS 7.8 | EG 7.8 | 2023-10-11
Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is…
- CVE-2023-26386 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-04-12
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations su…
- CVE-2023-26387 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-04-12
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations su…
- CVE-2023-27858 | HIGH | CVSS 7.8 | EG 7.8 | 2023-10-27
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The…
- CVE-2023-29178 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-06-13
An access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash…
- CVE-2023-29278 | HIGH | CVSS 7.8 | EG 7.8 | 2023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u…
- CVE-2023-29286 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-05-11
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations …
- CVE-2023-30847 | HIGH | CVSS 8.2 | EG 8.2 | 2023-04-27
H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can …
- CVE-2023-31244 | HIGH | CVSS 7.8 | EG 7.8 | 2023-06-06
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized po…
- CVE-2023-34263 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User int…
- CVE-2023-34272 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User int…
- CVE-2023-34288 | HIGH | CVSS 7.8 | EG 7.0 | 2024-05-03
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is req…
- CVE-2023-35712 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is requ…
- CVE-2023-35713 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is requ…
- CVE-2023-35715 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is requ…
- CVE-2023-36054 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-07
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not…
- CVE-2023-38223 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer that could result in arbitrary code execution in the context of the current user. Exploitation of th…
- CVE-2023-38226 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Expl…
- CVE-2023-38234 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Expl…
- CVE-2023-38246 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-10
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Expl…
- CVE-2023-43531 | HIGH | CVSS 8.4 | EG 8.4 | 2024-05-06
Memory corruption while verifying the serialized header when the key pairs are generated.
- CVE-2023-44327 | MEDIUM | CVSS 5.5 | EG 3.3 | 2023-11-16
Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass…
- CVE-2023-44329 | MEDIUM | CVSS 5.5 | EG 3.3 | 2023-11-16
Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass…
- CVE-2023-44362 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-12-13
Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. E…
- CVE-2023-44365 | HIGH | CVSS 7.8 | EG 7.8 | 2023-11-16
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Expl…
- CVE-2023-4508 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-08-24
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.
- CVE-2023-47044 | MEDIUM | CVSS 5.5 | EG 3.3 | 2023-11-16
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to by…
- CVE-2023-47047 | MEDIUM | CVSS 5.5 | EG 7.8 | 2023-11-16
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu…
- CVE-2023-47053 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-11-16
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass …