Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31759 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. | |||||
| CVE-2022-29925 | 1 Fujielectric | 1 V-sft | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2021-42702 | 1 Inkscape | 1 Inkscape | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information. | |||||
| CVE-2022-1809 | 1 Radare | 1 Radare2 | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. | |||||
| CVE-2022-21168 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. | |||||
| CVE-2022-27794 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by the use of a variable that has not been initialized when processing of embedded fonts, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file | |||||
| CVE-2022-32136 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. | |||||
| CVE-2022-21156 | 1 Intel | 1 Trace Analyzer And Collector | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-21971 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Windows Runtime Remote Code Execution Vulnerability | |||||
| CVE-2021-43746 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it. | |||||
| CVE-2021-41214 | 1 Google | 1 Tensorflow | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-43030 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose arbitrary data on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it. | |||||
| CVE-2021-41204 | 1 Google | 1 Tensorflow | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-34596 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition. | |||||
| CVE-2021-36219 | 1 Skale | 1 Sgxwallet | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, resulting in compromised integrity of the enclave. This was resolved after v1.58.3 and not reproducible in sgxwallet v1.77.0. | |||||
| CVE-2021-38409 | 1 Fujielectric | 2 V-server, V-simulator | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service. | |||||
| CVE-2021-41538 | 1 Siemens | 13 Nx 1957, Nx 1957 Firmware, Nx 1961 and 10 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770). | |||||
| CVE-2021-41201 | 1 Google | 1 Tensorflow | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to `true` and never assigns `false`. This results in unitialized variable access if callers assume that `EinsumHelper::ParseEquation()` always sets these flags. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-33015 | 1 Hornerautomation | 1 Cscape | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-38205 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). | |||||