Total
2760 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25465 | 1 Moddable | 1 Moddable | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). | |||||
CVE-2020-8569 | 1 Kubernetes | 1 Container Storage Interface Snapshotter | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected. | |||||
CVE-2021-21702 | 4 Debian, Netapp, Oracle and 1 more | 4 Debian Linux, Clustered Data Ontap, Communications Diameter Signaling Router and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. | |||||
CVE-2020-25858 | 1 Qualcomm | 1 Qualcomm Mobile Access Point | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. | |||||
CVE-2020-12364 | 2 Intel, Linux | 2 Graphics Drivers, Linux Kernel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. | |||||
CVE-2021-25690 | 1 Teradici | 1 Pcoip Soft Client | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software. | |||||
CVE-2020-29652 | 1 Golang | 1 Ssh | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | |||||
CVE-2020-36148 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments). | |||||
CVE-2021-0206 | 1 Juniper | 17 Junos, Nfx150, Nfx250 and 14 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue only affects Juniper Networks NFX Series, SRX Series platforms when SSL Proxy is configured. This issue affects Juniper Networks Junos OS on NFX Series and SRX Series: 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S1; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions on NFX Series and SRX Series prior to 18.3R1. | |||||
CVE-2020-24421 | 2 Adobe, Microsoft | 2 Indesign, Windows | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue. | |||||
CVE-2020-9746 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Macos, Chrome Os and 4 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. | |||||
CVE-2021-25674 | 1 Siemens | 1 Simatic S7-plcsim | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer deference condition could cause the application to terminate unexpectedly and must be restarted to restore the service. | |||||
CVE-2020-16588 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. | |||||
CVE-2020-26521 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Nats-server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). | |||||
CVE-2020-25866 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. | |||||
CVE-2020-17525 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7 | |||||
CVE-2020-26213 | 1 Teler Project | 1 Teler | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1. | |||||
CVE-2021-20274 | 1 Privoxy | 1 Privoxy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. | |||||
CVE-2020-35680 | 2 Fedoraproject, Opensmtpd | 2 Fedora, Opensmtpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. | |||||
CVE-2020-15204 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. |