Total
2089 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3194 | 4 Canonical, Debian, Nodejs and 1 more | 4 Ubuntu Linux, Debian Linux, Node.js and 1 more | 2022-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. | |||||
| CVE-2021-20299 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2022-12-12 | 4.3 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20296 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2022-12-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-23476 | 1 Nokogiri | 1 Nokogiri | 2022-12-09 | N/A | 7.5 HIGH |
| Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. | |||||
| CVE-2016-9313 | 1 Linux | 1 Linux Kernel | 2022-12-09 | 9.3 HIGH | 7.8 HIGH |
| security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. | |||||
| CVE-2018-19939 | 1 Mi | 4 Mi A2 Lite, Mi A2 Lite Firmware, Redmi 6 and 1 more | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c. | |||||
| CVE-2017-8843 | 1 Long Range Zip Project | 1 Long Range Zip | 2022-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | |||||
| CVE-2017-8847 | 1 Long Range Zip Project | 1 Long Range Zip | 2022-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | |||||
| CVE-2017-14436 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini" without a cookie header to trigger this vulnerability. | |||||
| CVE-2017-14437 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini" without a cookie header to trigger this vulnerability. | |||||
| CVE-2017-12124 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. | |||||
| CVE-2017-14435 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini" without a cookie header to trigger this vulnerability. | |||||
| CVE-2022-3278 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-12-08 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. | |||||
| CVE-2022-25258 | 4 Debian, Fedoraproject, Linux and 1 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2022-12-06 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. | |||||
| CVE-2020-3481 | 4 Canonical, Clamav, Debian and 1 more | 4 Ubuntu Linux, Clamav, Debian Linux and 1 more | 2022-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | |||||
| CVE-2022-3303 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-12-02 | N/A | 4.7 MEDIUM |
| A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition | |||||
| CVE-2022-37797 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2022-12-02 | N/A | 7.5 HIGH |
| In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. | |||||
| CVE-2019-11810 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-12-02 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | |||||
| CVE-2022-1674 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2022-12-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. | |||||
| CVE-2021-26948 | 1 Htmldoc Project | 1 Htmldoc | 2022-12-02 | 6.8 MEDIUM | 7.8 HIGH |
| Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. | |||||