Total
2760 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0632 | 1 Mruby | 1 Mruby | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
NULL Pointer Dereference in Homebrew mruby prior to 3.2. | |||||
CVE-2022-2085 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. | |||||
CVE-2022-2208 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | |||||
CVE-2021-40785 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-20796 | 4 Cisco, Clamav, Debian and 1 more | 4 Secure Endpoint, Clamav, Debian Linux and 1 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. | |||||
CVE-2022-29795 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. | |||||
CVE-2022-31076 | 1 Linuxfoundation | 1 Kubeedge | 2024-02-28 | 2.7 LOW | 5.7 MEDIUM |
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should sisable the unixsocket switch of CloudHub in the config file cloudcore.yaml. | |||||
CVE-2021-36614 | 1 Mikrotik | 1 Routeros | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||||
CVE-2022-1620 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. | |||||
CVE-2021-44108 | 1 Open5gs | 1 Open5gs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf. | |||||
CVE-2021-35068 | 1 Qualcomm | 200 Apq8009w, Apq8009w Firmware, Aqt1000 and 197 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2022-1201 | 1 Mruby | 1 Mruby | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system. | |||||
CVE-2022-0433 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. | |||||
CVE-2022-29340 | 1 Gpac | 1 Gpac | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. | |||||
CVE-2022-1852 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. | |||||
CVE-2022-29224 | 1 Envoyproxy | 1 Envoy | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. | |||||
CVE-2022-1649 | 1 Radare | 1 Radare2 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html). | |||||
CVE-2022-22513 | 1 Codesys | 20 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 17 more | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | |||||
CVE-2022-27359 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference. | |||||
CVE-2021-42577 | 1 Softing | 3 Datafeed Opc Suite, Opc Ua C\+\+ Software Development Kit, Secure Integration Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. |