Export limit exceeded: 357825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1771 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39147 | 1 Siemens | 2 Parasolid, Simcenter Femap | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506) | ||||
| CVE-2022-39146 | 1 Siemens | 2 Parasolid, Simcenter Femap | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17502) | ||||
| CVE-2022-37191 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 6.5 Medium |
| The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload. | ||||
| CVE-2022-34890 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 8.8 High |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16653. | ||||
| CVE-2022-34121 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 High |
| Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. | ||||
| CVE-2022-33280 | 1 Qualcomm | 124 Apq8096au, Apq8096au Firmware, Ar8031 and 121 more | 2024-11-21 | 7.3 High |
| Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet. | ||||
| CVE-2022-33246 | 1 Qualcomm | 84 Apq8096au, Apq8096au Firmware, Aqt1000 and 81 more | 2024-11-21 | 6.7 Medium |
| Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id. | ||||
| CVE-2022-32142 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 8.1 High |
| Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. | ||||
| CVE-2022-32136 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 6.5 Medium |
| In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. | ||||
| CVE-2022-31759 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.5 Medium |
| AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. | ||||
| CVE-2022-31625 | 3 Debian, Php, Redhat | 4 Debian Linux, Php, Enterprise Linux and 1 more | 2024-11-21 | 8.1 High |
| In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | ||||
| CVE-2022-31599 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 8.2 High |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | ||||
| CVE-2022-30244 | 1 Honeywell | 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware | 2024-11-21 | 8.0 High |
| Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function. | ||||
| CVE-2022-30243 | 1 Honeywell | 2 Alterton Visual Logic, Alterton Visual Logic Firmware | 2024-11-21 | 8.8 High |
| Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function. | ||||
| CVE-2022-29925 | 1 Fujielectric | 1 V-sft | 2024-11-21 | 7.8 High |
| Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | ||||
| CVE-2022-29845 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 6.5 Medium |
| In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. | ||||
| CVE-2022-29055 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 7.5 High |
| A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request. | ||||
| CVE-2022-29033 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2022-27406 | 3 Fedoraproject, Freetype, Redhat | 4 Fedora, Freetype, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. | ||||
| CVE-2022-27405 | 3 Fedoraproject, Freetype, Redhat | 4 Fedora, Freetype, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. | ||||