Total
2760 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11494 | 3 Dovecot, Fedoraproject, Opensuse | 3 Dovecot, Fedora, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | |||||
CVE-2019-15922 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. | |||||
CVE-2019-8936 | 5 Fedoraproject, Hpe, Netapp and 2 more | 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
NTP through 4.2.8p12 has a NULL Pointer Dereference. | |||||
CVE-2019-11366 | 1 Atftp Project | 1 Atftp | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next. | |||||
CVE-2019-13032 | 1 Flightcrew Project | 1 Flightcrew | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library. | |||||
CVE-2019-11338 | 4 Canonical, Debian, Ffmpeg and 1 more | 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | |||||
CVE-2019-15217 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-02-28 | 4.9 MEDIUM | 4.6 MEDIUM |
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. | |||||
CVE-2019-10140 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS). | |||||
CVE-2019-11555 | 1 W1.fi | 2 Hostapd, Wpa Supplicant | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. | |||||
CVE-2019-13114 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. | |||||
CVE-2019-13590 | 1 Sound Exchange Project | 1 Sound Exchange | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. | |||||
CVE-2019-11419 | 1 Tencent | 1 Wechat | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji. | |||||
CVE-2019-9923 | 2 Gnu, Opensuse | 2 Tar, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. | |||||
CVE-2019-12217 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. | |||||
CVE-2019-1010162 | 1 Jsish | 1 Jsish | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77. | |||||
CVE-2019-15860 | 1 Glyphandcog | 1 Xpdfreader | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002. | |||||
CVE-2019-12218 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | |||||
CVE-2018-19801 | 1 Aubio | 1 Aubio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. | |||||
CVE-2019-9776 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779). | |||||
CVE-2019-12995 | 1 Istio | 1 Istio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault. |