Filtered by CWE-822
Filtered by vendor Subscriptions
Total 156 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-36461 1 Zabbix 1 Zabbix 2024-12-10 9.1 Critical
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.
CVE-2023-25515 2 Microsoft, Nvidia 10 Windows, Cloud Gaming, Geforce and 7 more 2024-11-29 7.8 High
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.
CVE-2024-40872 2024-11-21 8.4 High
There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component. This could be used to manipulate process tokens to elevate the privilege of a normal process to System. The scope is changed, the impact to system confidentiality and integrity is high, the impact to the availability of the effected component is none.
CVE-2024-0091 7 Canonical, Citrix, Linux and 4 more 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more 2024-11-21 7.8 High
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
CVE-2023-43518 1 Qualcomm 306 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 303 more 2024-11-21 7.3 High
Memory corruption in video while parsing invalid mp2 clip.
CVE-2023-41139 1 Autodesk 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more 2024-11-21 7.8 High
A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
CVE-2023-35711 1 Ashlar Vellum 1 Cobalt 2024-11-21 N/A
Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20189.
CVE-2023-34311 1 Ashlar 1 Cobalt 2024-11-21 N/A
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19879.
CVE-2023-34309 1 Ashlar 1 Cobalt 2024-11-21 N/A
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19876.
CVE-2023-34301 1 Ashlar Vellum 1 Cobalt 2024-11-21 N/A
Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17909.
CVE-2023-34300 1 Ashlar Vellum 1 Cobalt 2024-11-21 N/A
Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17948.
CVE-2023-31023 2 Microsoft, Nvidia 2 Windows, Virtual Gpu 2024-11-21 5.5 Medium
NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.
CVE-2023-21643 1 Qualcomm 48 Apq8064au, Apq8064au Firmware, Apq8096au and 45 more 2024-11-21 9.1 Critical
Memory corruption due to untrusted pointer dereference in automotive during system call.
CVE-2023-1437 1 Advantech 1 Webaccess\/scada 2024-11-21 9.8 Critical
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
CVE-2022-40533 1 Qualcomm 220 Csra6620, Csra6620 Firmware, Csra6640 and 217 more 2024-11-21 6.2 Medium
Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.
CVE-2022-34890 1 Parallels 1 Parallels Desktop 2024-11-21 8.8 High
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16653.
CVE-2022-26942 1 Motorola 4 Mtm5400, Mtm5400 Firmware, Mtm5500 and 1 more 2024-11-21 8.2 High
The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives.
CVE-2022-22514 1 Codesys 20 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 17 more 2024-11-21 7.1 High
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
CVE-2022-20796 4 Cisco, Clamav, Debian and 1 more 4 Secure Endpoint, Clamav, Debian Linux and 1 more 2024-11-21 6.5 Medium
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
CVE-2021-38401 1 Fujielectric 2 V-server, V-simulator 2024-11-21 7.8 High
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.