Vulnerabilities (CVE)

Filtered by CWE-824
Total 226 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-2284 2025-03-13 N/A 7.5 HIGH
A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".
CVE-2023-34263 1 Fatek 1 Fvdesigner 2025-03-13 N/A 7.8 HIGH
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18162.
CVE-2023-34272 1 Fatek 1 Fvdesigner 2025-03-13 N/A 7.8 HIGH
Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FPJ files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18182.
CVE-2025-2173 2025-03-11 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
CVE-2024-57943 1 Linux 1 Linux Kernel 2025-02-28 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses folio_zero_new_buffers() to zero the new buffers before ->write_end().
CVE-2022-21971 1 Microsoft 9 Windows 10 1809, Windows 10 1909, Windows 10 20h2 and 6 more 2025-02-24 9.3 HIGH 7.8 HIGH
Windows Runtime Remote Code Execution Vulnerability
CVE-2023-25007 1 Autodesk 1 3ds Max Usd 2025-01-24 N/A 7.8 HIGH
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.
CVE-2024-26004 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 N/A 7.5 HIGH
An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality.
CVE-2021-26093 1 Fortinet 1 Fortiwlc 2025-01-21 N/A 7.3 HIGH
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.
CVE-2023-43531 1 Qualcomm 256 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 253 more 2025-01-15 N/A 8.4 HIGH
Memory corruption while verifying the serialized header when the key pairs are generated.
CVE-2024-45155 3 Adobe, Apple, Microsoft 3 Animate, Macos, Windows 2024-12-18 N/A 7.8 HIGH
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-21919 1 Rockwellautomation 1 Arena 2024-12-17 N/A 7.8 HIGH
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
CVE-2023-27858 1 Rockwellautomation 1 Arena 2024-12-17 N/A 7.8 HIGH
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.
CVE-2019-13527 1 Rockwellautomation 1 Arena 2024-12-17 6.8 MEDIUM 7.8 HIGH
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized.
CVE-2024-32998 1 Huawei 2 Emui, Harmonyos 2024-12-09 N/A 5.9 MEDIUM
NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-24449 2024-11-26 N/A 6.5 MEDIUM
An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.
CVE-2024-9258 1 Irfanview 1 Irfanview 2024-11-25 N/A 7.8 HIGH
IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23276.
CVE-2024-33608 2024-11-21 N/A 7.5 HIGH
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-24925 1 Siemens 1 Simcenter Femap 2024-11-21 N/A 7.8 HIGH
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)
CVE-2023-4508 1 Gerbv Project 1 Gerbv 2024-11-21 N/A 5.5 MEDIUM
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.