Total
2970 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-5055 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. | |||||
CVE-2019-16232 | 4 Canonical, Fedoraproject, Linux and 1 more | 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more | 2024-02-28 | 4.7 MEDIUM | 4.1 MEDIUM |
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | |||||
CVE-2019-12259 | 4 Belden, Siemens, Sonicwall and 1 more | 49 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 46 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. | |||||
CVE-2019-12175 | 1 Zeek | 1 Zeek | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled. | |||||
CVE-2019-15923 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. | |||||
CVE-2019-15759 | 1 Webassembly | 1 Binaryen | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. | |||||
CVE-2019-9656 | 3 Canonical, Debian, Libofx Project | 3 Ubuntu Linux, Debian Linux, Libofx | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump. | |||||
CVE-2019-12108 | 1 Miniupnp Project | 1 Miniupnpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. | |||||
CVE-2019-1010171 | 1 Jsish | 1 Jsish | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84. | |||||
CVE-2019-10022 | 1 Xpdfreader | 1 Xpdf | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. | |||||
CVE-2019-2236 | 1 Qualcomm | 76 Ipq8074, Ipq8074 Firmware, Mdm9206 and 73 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
CVE-2019-12881 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0. | |||||
CVE-2019-9589 | 1 Glyphandcog | 1 Xpdfreader | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
CVE-2018-18513 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5. | |||||
CVE-2019-15291 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 4.6 MEDIUM |
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. | |||||
CVE-2019-12818 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. | |||||
CVE-2019-12101 | 1 Libnyoci Project | 1 Libnyoci | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null)" and consequently allows remote attackers to cause a denial of service (segmentation fault). | |||||
CVE-2019-10901 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | |||||
CVE-2018-7191 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. | |||||
CVE-2019-11638 | 1 Gnu | 1 Recutils | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. |