Search
Total
1933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10711 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, 3scale and 6 more | 2021-08-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. | |||||
| CVE-2021-25804 | 1 Videolan | 1 Vlc Media Player | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. | |||||
| CVE-2021-20596 | 1 Mitsubishielectric | 3 Fx3u-enet-l Firmware, Fx3u-enet-p502 Firmware, Fx3u-enet Firmware | 2021-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery. | |||||
| CVE-2017-12627 | 1 Apache | 1 Xerces-c\+\+ | 2021-07-31 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | |||||
| CVE-2020-19488 | 1 Gpac | 1 Gpac | 2021-07-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read. | |||||
| CVE-2021-1096 | 1 Nvidia | 1 Gpu Display Driver | 2021-07-30 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash. | |||||
| CVE-2020-19470 | 1 Flowpaper | 1 Pdf2json | 2021-07-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in function DCTStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a NULL pointer dereference (invalid read of size 1) . | |||||
| CVE-2020-19468 | 1 Flowpaper | 1 Pdf2json | 2021-07-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in function EmbedStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a null pointer derefenrece (invalid read of size 8) . | |||||
| CVE-2021-1103 | 1 Nvidia | 1 Virtual Gpu | 2021-07-27 | 2.1 LOW | 4.4 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8). | |||||
| CVE-2021-29616 | 1 Google | 1 Tensorflow | 2021-07-26 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29513 | 1 Google | 1 Tensorflow | 2021-07-26 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array(https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2020-13649 | 1 Jerryscript | 1 Jerryscript | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. | |||||
| CVE-2019-7076 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-12365 | 1 Intel | 1 Graphics Drivers | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access. | |||||
| CVE-2020-11286 | 1 Qualcomm | 135 Apq8009, Apq8009w, Apq8017 and 132 more | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-5183 | 1 Ftpgetter | 1 Ftpgetter | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference. | |||||
| CVE-2020-3999 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2021-07-21 | 2.1 LOW | 6.5 MEDIUM |
| VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. | |||||
| CVE-2020-1814 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2021-07-21 | 3.5 LOW | 5.3 MEDIUM |
| Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal. | |||||
| CVE-2019-10993 | 1 Advantech | 1 Webaccess | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | |||||
| CVE-2020-12370 | 1 Intel | 1 Graphics Drivers | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2020-6078 | 1 Videolabs | 1 Libmicrodns | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. | |||||
| CVE-2020-20231 | 1 Mikrotik | 1 Routeros | 2021-07-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||||
| CVE-2021-33715 | 1 Siemens | 1 Jt Utilities | 2021-07-20 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. | |||||
| CVE-2021-33714 | 1 Siemens | 1 Jt Utilities | 2021-07-20 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to NULL pointer deference condition, causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. | |||||
| CVE-2020-20250 | 1 Mikrotik | 1 Routeros | 2021-07-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference. | |||||
| CVE-2020-20252 | 1 Mikrotik | 1 Routeros | 2021-07-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||||
| CVE-2021-20296 | 1 Openexr | 1 Openexr | 2021-07-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-15304 | 1 Openexr | 1 Openexr | 2021-07-11 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. | |||||
| CVE-2020-35496 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2020-35507 | 3 Gnu, Netapp, Redhat | 5 Binutils, Hci Bootstrap Os, Ontap Select Deploy Administration Utility and 2 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. | |||||
| CVE-2020-35495 | 3 Fedoraproject, Gnu, Netapp | 6 Fedora, Binutils, Hci Compute Node and 3 more | 2021-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2021-36147 | 1 Linux | 1 Acrn | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. | |||||
| CVE-2021-36146 | 1 Linux | 1 Acrn | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. | |||||
| CVE-2021-36143 | 1 Linux | 1 Acrn | 2021-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. | |||||
| CVE-2020-20212 | 1 Mikrotik | 1 Routeros | 2021-07-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||||
| CVE-2020-20216 | 1 Mikrotik | 1 Routeros | 2021-07-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||||
| CVE-2019-10097 | 2 Apache, Oracle | 8 Http Server, Communications Element Manager, Communications Session Report Manager and 5 more | 2021-07-07 | 6.0 MEDIUM | 7.2 HIGH |
| In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. | |||||
| CVE-2021-1075 | 1 Nvidia | 1 Gpu Display Driver | 2021-06-30 | 5.6 MEDIUM | 7.3 HIGH |
| NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges. Attacker does not have any control over the information and may conduct limited data modification. | |||||
| CVE-2019-9923 | 2 Gnu, Opensuse | 2 Tar, Leap | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. | |||||
| CVE-2017-10790 | 1 Gnu | 1 Libtasn1 | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. | |||||
| CVE-2018-8740 | 2 Debian, Sqlite | 2 Debian Linux, Sqlite | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. | |||||
| CVE-2016-10087 | 1 Libpng | 1 Libpng | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. | |||||
| CVE-2021-33572 | 1 F-secure | 4 Cloud Protection For Salesforce, Elements For Microsoft 365, Endpoint Protection and 1 more | 2021-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | |||||
| CVE-2017-18189 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2021-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. | |||||
| CVE-2019-13590 | 1 Sound Exchange Project | 1 Sound Exchange | 2021-06-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. | |||||
| CVE-2021-0555 | 1 Google | 1 Android | 2021-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179161711 | |||||
| CVE-2014-0190 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Opensuse and 1 more | 2021-06-16 | 4.3 MEDIUM | N/A |
| The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. | |||||
| CVE-2020-9327 | 1 Sqlite | 1 Sqlite | 2021-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | |||||
| CVE-2018-14613 | 1 Linux | 1 Linux Kernel | 2021-06-14 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. | |||||
| CVE-2020-13435 | 2 Fedoraproject, Sqlite | 2 Fedora, Sqlite | 2021-06-14 | 2.1 LOW | 5.5 MEDIUM |
| SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. | |||||