Total: 2089 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13583 | 1 Micrium | 1 Uc-http | 2022-07-23 | 5.0 MEDIUM | 7.5 HIGH |
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-34736 | 1 Huawei | 2 Emui, Harmonyos | 2022-07-19 | 7.8 HIGH | 7.5 HIGH |
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. | |||||
CVE-2022-34735 | 1 Huawei | 2 Emui, Harmonyos | 2022-07-19 | 7.8 HIGH | 7.5 HIGH |
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. | |||||
CVE-2020-11273 | 1 Qualcomm | 356 Csrb31024, Csrb31024 Firmware, Pm3003a and 353 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
Histogram type KPI was torn down with the assumption that histogram binning info exists, which leads to null pointer access when histogram binning info is missing, due to lack of a null check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | |||||
CVE-2021-45079 | 4 Canonical, Debian, Fedoraproject and 1 more | 5 Ubuntu Linux, Debian Linux, Extra Packages For Enterprise Linux and 2 more | 2022-07-12 | 5.8 MEDIUM | 9.1 CRITICAL |
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | |||||
CVE-2021-40826 | 2 Clementine-player, Microsoft | 2 Clementine, Windows | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. | |||||
CVE-2022-31077 | 1 Linuxfoundation | 1 Kubeedge | 2022-07-11 | 3.5 LOW | 5.7 MEDIUM |
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. | |||||
CVE-2022-2279 | 1 Libmobi Project | 1 Libmobi | 2022-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. | |||||
CVE-2022-31076 | 1 Linuxfoundation | 1 Kubeedge | 2022-07-07 | 2.7 LOW | 5.7 MEDIUM |
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should disable the unixsocket switch of CloudHub in the config file cloudcore.yaml. | |||||
CVE-2021-40943 | 1 Axiosys | 1 Bento4 | 2022-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action in Ap4Descriptor.h:124, as demonstrated by GPAC. This can cause a denial of service (DoS). | |||||
CVE-2021-40944 | 1 Gpac | 1 Gpac | 2022-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
In GPAC MP4Box 1.1.0, there is a null pointer reference in the function gf_filter_pid_get_packet in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DoS). | |||||
CVE-2021-41689 | 1 Offis | 1 Dcmtk | 2022-07-06 | 5.0 MEDIUM | 7.5 HIGH |
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack. | |||||
CVE-2022-2121 | 1 Offis | 1 Dcmtk | 2022-07-05 | 3.3 LOW | 6.5 MEDIUM |
OFFIS DCMTK (all versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. | |||||
CVE-2022-1507 | 2 Chafa Project, Fedoraproject | 2 Chafa, Fedora | 2022-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file, in GitHub repository hpjansson/chafa prior to 1.10.2. | |||||
CVE-2022-28049 | 1 F5 | 1 Njs | 2022-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. | |||||
CVE-2021-46664 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2022-06-30 | 2.1 LOW | 5.5 MEDIUM |
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | |||||
CVE-2020-13575 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2020-13577 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2020-13578 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2020-13574 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. |