VYPR

CWE-824

Access of Uninitialized Pointer

BaseIncomplete

Description

The product accesses or uses a pointer that has not been initialized.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (80)

page 3 of 4
  • CVE-2018-7515MedMar 21, 2018
    risk 0.34cvss 5.3epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets.

  • CVE-2018-0894MedMar 14, 2018
    risk 0.34cvss 4.7epss 0.02

    The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability…

  • CVE-2026-47320MedJun 4, 2026
    risk 0.33cvss 6.1epss 0.00

    Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.

  • CVE-2026-6870MedApr 30, 2026
    risk 0.29cvss 5.5epss 0.00

    GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-6524MedApr 30, 2026
    risk 0.29cvss 5.5epss 0.00

    MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-2100MedMar 26, 2026
    risk 0.27cvss 5.3epss 0.01

    A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an…

  • CVE-2010-1818Aug 31, 2010
    risk 0.06cvss epss 0.43

    The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.

  • CVE-2009-1415Apr 30, 2009
    risk 0.04cvss epss 0.08

    lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of…

  • CVE-2014-1564Sep 3, 2014
    risk 0.03cvss epss 0.05

    Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS…

  • CVE-2007-4639Aug 31, 2007
    risk 0.03cvss epss 0.05

    EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT…

  • CVE-2007-1213Apr 4, 2007
    risk 0.03cvss epss 0.04

    The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.

  • CVE-2009-0846Apr 9, 2009
    risk 0.01cvss epss 0.09

    The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an…

  • CVE-2007-2442Jun 26, 2007
    risk 0.01cvss epss 0.11

    The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

  • CVE-2006-6143Dec 31, 2006
    risk 0.01cvss epss 0.08

    The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of…

  • CVE-2022-23636Feb 16, 2022
    risk 0.00cvss epss 0.01

    Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an `externref` global will result in an…

  • CVE-2021-41208Nov 5, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse…

  • CVE-2021-41219Nov 5, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on…

  • CVE-2021-41214Nov 5, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on…

  • CVE-2021-41204Nov 5, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be…

  • CVE-2021-41201Nov 5, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the…