Search
Total
1933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31077 | 1 Linuxfoundation | 1 Kubeedge | 2022-07-11 | 3.5 LOW | 5.7 MEDIUM |
| KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. | |||||
| CVE-2022-1852 | 1 Linux | 1 Linux Kernel | 2022-07-09 | 2.1 LOW | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. | |||||
| CVE-2022-2231 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2279 | 1 Libmobi Project | 1 Libmobi | 2022-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. | |||||
| CVE-2022-31076 | 1 Linuxfoundation | 1 Kubeedge | 2022-07-07 | 2.7 LOW | 5.7 MEDIUM |
| KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should sisable the unixsocket switch of CloudHub in the config file cloudcore.yaml. | |||||
| CVE-2021-40943 | 1 Axiosys | 1 Bento4 | 2022-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS). | |||||
| CVE-2021-40944 | 1 Gpac | 1 Gpac | 2022-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS). | |||||
| CVE-2021-41689 | 1 Offis | 1 Dcmtk | 2022-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack. | |||||
| CVE-2022-2208 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-07-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | |||||
| CVE-2022-2121 | 1 Offis | 1 Dcmtk | 2022-07-05 | 3.3 LOW | 6.5 MEDIUM |
| OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. | |||||
| CVE-2022-28049 | 1 F5 | 1 Njs | 2022-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. | |||||
| CVE-2022-1507 | 2 Chafa Project, Fedoraproject | 2 Chafa, Fedora | 2022-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. | |||||
| CVE-2021-3596 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 4 Debian Linux, Fedora, Imagemagick and 1 more | 2022-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. | |||||
| CVE-2021-46664 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2022-06-30 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | |||||
| CVE-2020-13575 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-13577 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-13578 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-13574 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-16307 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2022-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. | |||||
| CVE-2020-16306 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2022-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. | |||||
| CVE-2022-2085 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. | |||||
| CVE-2019-5054 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. | |||||
| CVE-2019-5055 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. | |||||
| CVE-2022-32230 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2019 | 2022-06-23 | 7.8 HIGH | 7.5 HIGH |
| Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. | |||||
| CVE-2021-35076 | 1 Qualcomm | 114 Ar8035, Ar8035 Firmware, Qca6390 and 111 more | 2022-06-22 | 7.8 HIGH | 7.5 HIGH |
| Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-35087 | 1 Qualcomm | 82 Ar8035, Ar8035 Firmware, Qca6390 and 79 more | 2022-06-22 | 7.8 HIGH | 7.5 HIGH |
| Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2015-9261 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2022-06-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | |||||
| CVE-2022-31763 | 1 Huawei | 2 Emui, Harmonyos | 2022-06-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. | |||||
| CVE-2019-12259 | 4 Belden, Siemens, Sonicwall and 1 more | 49 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 46 more | 2022-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | |||||
| CVE-2022-29224 | 1 Envoyproxy | 1 Envoy | 2022-06-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold� (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. | |||||
| CVE-2022-1789 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2022-06-15 | 6.9 MEDIUM | 6.8 MEDIUM |
| With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. | |||||
| CVE-2021-34798 | 7 Apache, Broadcom, Debian and 4 more | 14 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 11 more | 2022-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2022-29694 | 1 Unicorn-engine | 1 Unicorn Engine | 2022-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. | |||||
| CVE-2022-32201 | 1 Libjpeg Project | 1 Libjpeg | 2022-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. | |||||
| CVE-2022-32202 | 1 Libjpeg Project | 1 Libjpeg | 2022-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. | |||||
| CVE-2022-29788 | 1 Libmobi Project | 1 Libmobi | 2022-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | |||||
| CVE-2021-33254 | 2 Embedthis, Linux | 2 Appweb, Linux Kernel | 2022-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function. | |||||
| CVE-2020-9453 | 1 Epson | 1 Iprojection | 2022-06-09 | 2.1 LOW | 5.5 MEDIUM |
| In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU. | |||||
| CVE-2021-42196 | 1 Swftools | 1 Swftools | 2022-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-42198 | 1 Swftools | 1 Swftools | 2022-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-42200 | 1 Swftools | 1 Swftools | 2022-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-42202 | 1 Swftools | 1 Swftools | 2022-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2020-13582 | 1 Silabs | 1 Micrium Uc-http | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2017-2893 | 1 Cesanta | 1 Mongoose | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2020-6062 | 4 Canonical, Coturn Project, Debian and 1 more | 4 Ubuntu Linux, Coturn, Debian Linux and 1 more | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-4024 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2022-06-07 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. | |||||
| CVE-2022-23222 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2022-06-07 | 7.2 HIGH | 7.8 HIGH |
| kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | |||||
| CVE-2021-22570 | 5 Debian, Fedoraproject, Google and 2 more | 8 Debian Linux, Fedora, Protobuf and 5 more | 2022-06-05 | 5.0 MEDIUM | 7.5 HIGH |
| Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. | |||||
| CVE-2021-36613 | 1 Mikrotik | 1 Routeros | 2022-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||||
| CVE-2021-36614 | 1 Mikrotik | 1 Routeros | 2022-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||||