Total
2746 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-40264 | 1 Freeimage Project | 1 Freeimage | 2024-02-28 | N/A | 6.5 MEDIUM |
NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp. | |||||
CVE-2023-46862 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 4.7 MEDIUM |
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. | |||||
CVE-2023-45667 | 1 Nothings | 1 Stb Image.h | 2024-02-28 | N/A | 7.5 HIGH |
stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. | |||||
CVE-2022-35206 | 1 Gnu | 1 Binutils | 2024-02-28 | N/A | 5.5 MEDIUM |
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. | |||||
CVE-2023-41633 | 1 Catdoc Project | 1 Catdoc | 2024-02-28 | N/A | 5.5 MEDIUM |
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c. | |||||
CVE-2023-46728 | 1 Squid-cache | 1 Squid | 2024-02-28 | N/A | 7.5 HIGH |
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. | |||||
CVE-2020-36138 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). | |||||
CVE-2020-36024 | 1 Freedesktop | 1 Poppler | 2024-02-28 | N/A | 5.5 MEDIUM |
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | |||||
CVE-2023-38670 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-02-28 | N/A | 7.5 HIGH |
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service. | |||||
CVE-2023-41909 | 3 Debian, Fedoraproject, Frrouting | 3 Debian Linux, Fedora, Frrouting | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. | |||||
CVE-2022-48606 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2023-39397 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2023-38712 | 1 Libreswan | 1 Libreswan | 2024-02-28 | N/A | 6.5 MEDIUM |
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. | |||||
CVE-2021-3236 | 1 Vim | 1 Vim | 2024-02-28 | N/A | 5.5 MEDIUM |
vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. | |||||
CVE-2023-31441 | 1 Ncia | 1 Advisor Network | 2024-02-28 | N/A | 5.5 MEDIUM |
In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution. | |||||
CVE-2023-5441 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-02-28 | N/A | 5.5 MEDIUM |
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. | |||||
CVE-2023-46239 | 1 Quic-go Project | 1 Quic-go | 2024-02-28 | N/A | 7.5 HIGH |
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected. | |||||
CVE-2023-4683 | 1 Gpac | 1 Gpac | 2024-02-28 | N/A | 5.5 MEDIUM |
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | |||||
CVE-2023-38665 | 1 Nasm | 1 Netwide Assembler | 2024-02-28 | N/A | 5.5 MEDIUM |
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). | |||||
CVE-2023-46345 | 1 Fossies | 1 Catdoc | 2024-02-28 | N/A | 7.5 HIGH |
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c. |