Total
2760 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3995 | 2 Elog Project, Fedoraproject | 2 Elog, Fedora | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request. | |||||
CVE-2019-19698 | 1 Libwav Project | 1 Libwav | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c. | |||||
CVE-2019-19647 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. | |||||
CVE-2019-16754 | 1 Riot-os | 1 Riot | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet. | |||||
CVE-2019-11867 | 1 Realtek | 1 Ndis | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0. | |||||
CVE-2019-19880 | 8 Debian, Netapp, Opensuse and 5 more | 12 Debian Linux, Cloud Backup, Backports Sle and 9 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | |||||
CVE-2019-10097 | 2 Apache, Oracle | 8 Http Server, Communications Element Manager, Communications Session Report Manager and 5 more | 2024-02-28 | 6.0 MEDIUM | 7.2 HIGH |
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. | |||||
CVE-2019-20398 | 1 Cesnet | 1 Libyang | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. | |||||
CVE-2019-10545 | 1 Qualcomm | 12 Qcs605, Qcs605 Firmware, Sdm670 and 9 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150 | |||||
CVE-2019-5235 | 1 Huawei | 100 Alp-al00b, Alp-al00b Firmware, Alp-tl00b and 97 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal. | |||||
CVE-2010-2488 | 1 Znc | 1 Znc | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. | |||||
CVE-2019-19462 | 5 Canonical, Debian, Linux and 2 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. | |||||
CVE-2020-6629 | 1 Libming | 1 Libming | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c. | |||||
CVE-2012-5640 | 1 Acme | 1 Thttpd | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
thttpd has a local DoS vulnerability via specially-crafted .htpasswd files | |||||
CVE-2020-7045 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes. | |||||
CVE-2019-20091 | 1 Axiosys | 1 Bento4 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp. | |||||
CVE-2019-14061 | 1 Qualcomm | 90 Apq8009, Apq8009 Firmware, Apq8017 and 87 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Null-pointer dereference can occur while accessing the segment element info when it is not allocated and assigned in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
CVE-2020-9327 | 5 Canonical, Netapp, Oracle and 2 more | 11 Ubuntu Linux, Cloud Backup, Communications Messaging Server and 8 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | |||||
CVE-2019-19227 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122. | |||||
CVE-2019-19037 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. |