VYPR

CWE-824

Access of Uninitialized Pointer

BaseIncomplete

Description

The product accesses or uses a pointer that has not been initialized.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (80)

page 2 of 4
  • CVE-2017-9670HigJun 15, 2017
    risk 0.51cvss 7.8epss 0.01

    An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.

  • CVE-2009-2768HigAug 14, 2009
    risk 0.51cvss 7.8epss 0.00

    The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat…

  • CVE-2018-9948MedMay 17, 2018
    risk 0.50cvss 6.5epss 0.64

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2026-39458HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-2284HigMar 13, 2025
    risk 0.49cvss 7.5epss 0.06

    A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".

  • CVE-2018-5392HigAug 14, 2018
    risk 0.49cvss 7.5epss 0.01

    mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing…

  • CVE-2016-10447HigApr 18, 2018
    risk 0.49cvss 7.5epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, and SDX20, secure UI crash due…

  • CVE-2018-1000099HigMar 13, 2018
    risk 0.49cvss 7.5epss 0.04

    Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in…

  • CVE-2026-23761MedJan 22, 2026
    risk 0.45cvss epss 0.00

    VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a…

  • CVE-2025-14739MedDec 18, 2025
    risk 0.44cvss epss 0.00

    Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤…

  • CVE-2026-42959HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.01

    NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to…

  • CVE-2024-24449MedNov 15, 2024
    risk 0.42cvss 6.5epss 0.00

    An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.

  • CVE-2020-11721MedApr 12, 2020
    risk 0.42cvss 6.5epss 0.01

    load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.

  • CVE-2026-6757MedApr 21, 2026
    risk 0.41cvss 6.3epss 0.00

    Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-1200MedFeb 18, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.

  • CVE-2026-27300MedApr 14, 2026
    risk 0.36cvss 5.5epss 0.00

    Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction…

  • CVE-2024-49938MedOct 21, 2024
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths.…

  • CVE-2018-5860MedJun 15, 2018
    risk 0.36cvss 5.5epss 0.00

    In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly.

  • CVE-2006-0054MedJan 11, 2006
    risk 0.35cvss 5.3epss 0.03

    The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer.

  • CVE-2026-6778MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.