Search
Total
1933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7475 | 1 Cairographics | 1 Cairo | 2021-03-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. | |||||
| CVE-2020-13900 | 1 Meetecho | 1 Janus | 2021-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference. | |||||
| CVE-2020-13898 | 1 Meetecho | 1 Janus | 2021-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference. | |||||
| CVE-2021-25176 | 2 Opendesign, Siemens | 3 Drawings Software Development Kit, Jt2go, Teamcenter Visualization | 2021-03-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | |||||
| CVE-2020-27819 | 1 Libxls Project | 1 Libxls | 2021-02-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file. | |||||
| CVE-2020-15469 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2021-02-24 | 2.1 LOW | 2.3 LOW |
| In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | |||||
| CVE-2020-10664 | 1 Windriver | 1 Vxworks | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. | |||||
| CVE-2020-12364 | 2 Intel, Linux | 2 Graphics Drivers, Linux Kernel | 2021-02-22 | 2.1 LOW | 5.5 MEDIUM |
| Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2021-27203 | 1 Dekart | 1 Private Disk | 2021-02-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing. | |||||
| CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 6 Ubuntu Linux, Fedora, Jasper and 3 more | 2021-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | |||||
| CVE-2018-18508 | 2 Mozilla, Siemens | 17 Network Security Services, Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware and 14 more | 2021-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | |||||
| CVE-2021-25690 | 1 Teradici | 1 Pcoip Soft Client | 2021-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software. | |||||
| CVE-2021-27186 | 1 Treasuredata | 1 Fluent Bit | 2021-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. | |||||
| CVE-2009-1902 | 2 Fedoraproject, Trustwave | 2 Fedora, Modsecurity | 2021-02-12 | 5.0 MEDIUM | N/A |
| The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. | |||||
| CVE-2021-25903 | 1 Cache Project | 1 Cache | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced. | |||||
| CVE-2019-20816 | 1 Foxitsoftware | 1 Phantompdf | 2021-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data. | |||||
| CVE-2019-20820 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data. | |||||
| CVE-2019-25014 | 2 Istio, Redhat | 2 Istio, Openshift Service Mesh | 2021-02-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application). | |||||
| CVE-2021-25904 | 1 Av-data Project | 1 Av-data | 2021-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault. | |||||
| CVE-2013-1418 | 3 Debian, Mit, Opensuse | 3 Debian Linux, Kerberos 5, Opensuse | 2021-02-02 | 4.3 MEDIUM | N/A |
| The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | |||||
| CVE-2014-5353 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2021-02-02 | 3.5 LOW | N/A |
| The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. | |||||
| CVE-2010-1321 | 7 Canonical, Debian, Fedoraproject and 4 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2021-02-02 | 6.8 MEDIUM | N/A |
| The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | |||||
| CVE-2013-1416 | 4 Fedoraproject, Mit, Opensuse and 1 more | 8 Fedora, Kerberos 5, Opensuse and 5 more | 2021-02-02 | 4.0 MEDIUM | N/A |
| The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. | |||||
| CVE-2013-1415 | 2 Mit, Opensuse | 2 Kerberos 5, Opensuse | 2021-02-02 | 5.0 MEDIUM | N/A |
| The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. | |||||
| CVE-2012-1016 | 1 Mit | 1 Kerberos 5 | 2021-02-02 | 5.0 MEDIUM | N/A |
| The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request. | |||||
| CVE-2020-8569 | 1 Kubernetes | 1 Container Storage Interface Snapshotter | 2021-02-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected. | |||||
| CVE-2018-7456 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2021-01-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) | |||||
| CVE-2019-19462 | 5 Canonical, Debian, Linux and 2 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2021-01-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. | |||||
| CVE-2020-12514 | 1 Pepperl-fuchs | 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more | 2021-01-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd | |||||
| CVE-2021-1069 | 2 Google, Nvidia | 9 Android, Jetson Agx Xavier, Jetson Nano and 6 more | 2021-01-27 | 3.6 LOW | 6.1 MEDIUM |
| NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss. | |||||
| CVE-2018-6942 | 2 Canonical, Freetype | 2 Ubuntu Linux, Freetype | 2021-01-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. | |||||
| CVE-2021-0206 | 1 Juniper | 17 Junos, Nfx150, Nfx250 and 14 more | 2021-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue only affects Juniper Networks NFX Series, SRX Series platforms when SSL Proxy is configured. This issue affects Juniper Networks Junos OS on NFX Series and SRX Series: 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S1; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions on NFX Series and SRX Series prior to 18.3R1. | |||||
| CVE-2020-25866 | 1 Wireshark | 1 Wireshark | 2021-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. | |||||
| CVE-2021-1064 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2021-01-11 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
| CVE-2020-27279 | 1 Redlion | 1 Crimson | 2021-01-08 | 7.8 HIGH | 7.5 HIGH |
| A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001). | |||||
| CVE-2020-25692 | 2 Openldap, Redhat | 2 Openldap, Enterprise Linux | 2021-01-08 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. | |||||
| CVE-2020-35860 | 1 Cbox Project | 1 Cbox | 2021-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code. | |||||
| CVE-2020-35907 | 1 Rust-lang | 1 Futures-task | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference. | |||||
| CVE-2019-11338 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | |||||
| CVE-2019-12155 | 1 Qemu | 1 Qemu | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | |||||
| CVE-2020-35450 | 1 Gobby Project | 1 Gobby | 2020-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | |||||
| CVE-2020-35668 | 1 Redislabs | 1 Redisgraph | 2020-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced. | |||||
| CVE-2020-12845 | 1 Cherokee-project | 1 Cherokee | 2020-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest. | |||||
| CVE-2010-3702 | 9 Apple, Canonical, Debian and 6 more | 11 Cups, Ubuntu Linux, Debian Linux and 8 more | 2020-12-23 | 7.5 HIGH | N/A |
| The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | |||||
| CVE-2020-28203 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-12-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service). | |||||
| CVE-2020-16588 | 1 Openexr | 1 Openexr | 2020-12-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. | |||||
| CVE-2019-15680 | 1 Tightvnc | 1 Tightvnc | 2020-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. | |||||
| CVE-2011-2519 | 2 Redhat, Xen | 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2020-12-08 | 5.5 MEDIUM | N/A |
| Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction. | |||||
| CVE-2020-25465 | 1 Moddable | 1 Moddable | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). | |||||
| CVE-2018-1050 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2020-12-04 | 3.3 LOW | 4.3 MEDIUM |
| All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. | |||||