Search
Total
733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 6 Ubuntu Linux, Fedora, Jasper and 3 more | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | |||||
| CVE-2021-25690 | 1 Teradici | 1 Pcoip Soft Client | 2021-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software. | |||||
| CVE-2021-27186 | 1 Treasuredata | 1 Fluent Bit | 2021-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. | |||||
| CVE-2021-25903 | 1 Cache Project | 1 Cache | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced. | |||||
| CVE-2019-20816 | 1 Foxitsoftware | 1 Phantompdf | 2021-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data. | |||||
| CVE-2019-20820 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data. | |||||
| CVE-2021-25904 | 1 Av-data Project | 1 Av-data | 2021-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault. | |||||
| CVE-2021-0206 | 1 Juniper | 17 Junos, Nfx150, Nfx250 and 14 more | 2021-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue only affects Juniper Networks NFX Series, SRX Series platforms when SSL Proxy is configured. This issue affects Juniper Networks Junos OS on NFX Series and SRX Series: 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S1; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions on NFX Series and SRX Series prior to 18.3R1. | |||||
| CVE-2020-25866 | 1 Wireshark | 1 Wireshark | 2021-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. | |||||
| CVE-2021-1064 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-01-11 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2020-27279 | 1 Redlion | 1 Crimson | 2021-01-08 | 7.8 HIGH | 7.5 HIGH |
| A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001). | |||||
| CVE-2020-25692 | 2 Openldap, Redhat | 2 Openldap, Enterprise Linux | 2021-01-08 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. | |||||
| CVE-2019-11338 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | |||||
| CVE-2019-12155 | 1 Qemu | 1 Qemu | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | |||||
| CVE-2020-35450 | 1 Gobby Project | 1 Gobby | 2020-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | |||||
| CVE-2020-35668 | 1 Redislabs | 1 Redisgraph | 2020-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced. | |||||
| CVE-2020-12845 | 1 Cherokee-project | 1 Cherokee | 2020-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest. | |||||
| CVE-2019-15680 | 1 Tightvnc | 1 Tightvnc | 2020-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. | |||||
| CVE-2020-25465 | 1 Moddable | 1 Moddable | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). | |||||
| CVE-2019-12412 | 1 Apache | 1 Libapreq2 | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | |||||
| CVE-2020-5646 | 1 Mitsubishielectric | 6 Coreos, Gt1450-qlbde, Gt1450-qmbde and 3 more | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | |||||
| CVE-2020-26213 | 1 Teler Project | 1 Teler | 2020-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1. | |||||
| CVE-2016-7131 | 1 Php | 1 Php | 2020-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character. | |||||
| CVE-2016-7132 | 1 Php | 1 Php | 2020-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing. | |||||
| CVE-2020-28344 | 1 Google | 1 Android | 2020-11-16 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020). | |||||
| CVE-2020-28345 | 1 Google | 1 Android | 2020-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020). | |||||
| CVE-2020-5655 | 1 Mitsubishielectric | 10 Melsec Iq-rd81dl96, Melsec Iq-rd81dl96 Firmware, Melsec Iq-rd81mes96n and 7 more | 2020-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | |||||
| CVE-2015-4054 | 1 Pgbouncer | 1 Pgbouncer | 2020-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet. | |||||
| CVE-2019-10901 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2020-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | |||||
| CVE-2020-14356 | 3 Linux, Opensuse, Redhat | 3 Linux Kernel, Leap, Enterprise Linux | 2020-11-02 | 7.2 HIGH | 7.8 HIGH |
| A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. | |||||
| CVE-2019-8588 | 1 Apple | 1 Airport Base Station Firmware | 2020-10-30 | 7.8 HIGH | 7.5 HIGH |
| A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service. | |||||
| CVE-2017-9250 | 1 Jerryscript | 1 Jerryscript | 2020-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function. | |||||
| CVE-2018-1000179 | 2 Debian, Quassel-irc | 2 Debian Linux, Quassel | 2020-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. | |||||
| CVE-2020-25858 | 1 Qualcomm | 1 Qualcomm Mobile Access Point | 2020-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. | |||||
| CVE-2020-24659 | 2 Fedoraproject, Gnu | 2 Fedora, Gnutls | 2020-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | |||||
| CVE-2018-20024 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2020-10-23 | 5.0 MEDIUM | 7.5 HIGH |
| LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. | |||||
| CVE-2020-3552 | 1 Cisco | 28 Access Points, Aironet 1542d, Aironet 1542i and 25 more | 2020-10-08 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device. | |||||
| CVE-2019-8936 | 5 Fedoraproject, Hpe, Netapp and 2 more | 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more | 2020-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| NTP through 4.2.8p12 has a NULL Pointer Dereference. | |||||
| CVE-2020-3407 | 1 Cisco | 128 Asr1001-hx, Asr1001-hx-rf, Asr1001-x-rf and 125 more | 2020-10-06 | 7.1 HIGH | 8.6 HIGH |
| A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2020-25821 | 1 Peg-markdown Project | 1 Peg-markdown | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2019-12111 | 2 Debian, Miniupnp Project | 2 Debian Linux, Miniupnpd | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. | |||||
| CVE-2019-12110 | 1 Miniupnp.free | 1 Miniupnpd | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c. | |||||
| CVE-2019-12109 | 1 Miniupnp Project | 1 Miniupnpd | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. | |||||
| CVE-2019-12108 | 1 Miniupnp Project | 1 Miniupnpd | 2020-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. | |||||
| CVE-2018-19870 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2020-09-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. | |||||
| CVE-2020-12059 | 1 Linuxfoundation | 1 Ceph | 2020-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. | |||||
| CVE-2019-9656 | 1 Libofx Project | 1 Libofx | 2020-09-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump. | |||||
| CVE-2018-9240 | 1 Ncmpc Project | 1 Ncmpc | 2020-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur. | |||||
| CVE-2020-11158 | 1 Qualcomm | 1 Ips Pdf | 2020-09-14 | 7.8 HIGH | 7.5 HIGH |
| u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service' in IPS PDF releases prior to IPS System 2020.2 | |||||
| CVE-2018-13903 | 1 Qualcomm | 22 Apq8053, Apq8053 Firmware, Mdm9205 and 19 more | 2020-09-11 | 9.3 HIGH | 8.1 HIGH |
| u'Error in UE due to race condition in EPCO handling' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9205, MDM9206, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, SDM450, SM8150 | |||||