Total
2089 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25866 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2022-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. | |||||
| CVE-2020-18731 | 1 Iec104 Project | 1 Iec104 | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | |||||
| CVE-2020-18730 | 1 Iec104 Project | 1 Iec104 | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | |||||
| CVE-2022-42306 | 1 Veritas | 1 Netbackup | 2022-10-04 | N/A | 5.5 MEDIUM |
| An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. | |||||
| CVE-2020-29652 | 1 Golang | 1 Ssh | 2022-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | |||||
| CVE-2022-41841 | 1 Axiosys | 1 Bento4 | 2022-10-03 | N/A | 5.5 MEDIUM |
| An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File. | |||||
| CVE-2022-41843 | 1 Xpdfreader | 1 Xpdf | 2022-10-03 | N/A | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. | |||||
| CVE-2021-46019 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2022-09-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | |||||
| CVE-2022-24577 | 1 Gpac | 1 Gpac | 2022-09-29 | 6.8 MEDIUM | 7.8 HIGH |
| GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.) | |||||
| CVE-2014-2497 | 6 Canonical, Debian, Oracle and 3 more | 12 Ubuntu Linux, Debian Linux, Solaris and 9 more | 2022-09-28 | 4.3 MEDIUM | N/A |
| The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. | |||||
| CVE-2021-38604 | 3 Fedoraproject, Gnu, Oracle | 8 Fedora, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2022-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. | |||||
| CVE-2021-4145 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2022-09-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. | |||||
| CVE-2022-2973 | 1 Mz-automation | 1 Libiec61850 | 2022-09-26 | N/A | 7.5 HIGH |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server. | |||||
| CVE-2022-2309 | 2 Lxml, Xmlsoft | 2 Lxml, Libxml2 | 2022-09-23 | 5.0 MEDIUM | 7.5 HIGH |
| NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | |||||
| CVE-2020-15469 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 2.1 LOW | 2.3 LOW |
| In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | |||||
| CVE-2020-35504 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2022-09-22 | 2.1 LOW | 6.0 MEDIUM |
| A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-35505 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-22 | 2.1 LOW | 4.4 MEDIUM |
| A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-38928 | 1 Xpdfreader | 1 Xpdf | 2022-09-22 | N/A | 7.8 HIGH |
| XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. | |||||
| CVE-2019-8413 | 1 Mi | 2 Mi Mix 2, Mi Mix 2 Firmware | 2022-09-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661). | |||||
| CVE-2022-40759 | 1 Samsung | 1 Mtower | 2022-09-21 | N/A | 7.5 HIGH |
| A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation. | |||||