Total
2760 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15219 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-02-28 | 4.9 MEDIUM | 4.6 MEDIUM |
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. | |||||
CVE-2019-9937 | 1 Sqlite | 1 Sqlite | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. | |||||
CVE-2019-9704 | 3 Cron Project, Debian, Fedoraproject | 3 Cron, Debian Linux, Fedora | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. | |||||
CVE-2019-1900 | 1 Cisco | 5 Integrated Management Controller Supervisor, Ucs C125 M5, Ucs C4200 and 2 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart. | |||||
CVE-2018-7574 | 2024-02-28 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7576, CVE-2018-21233. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2018-7576 and CVE-2018-21233 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2019-10873 | 1 Freedesktop | 1 Poppler | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | |||||
CVE-2019-15297 | 1 Digium | 1 Asterisk | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference. | |||||
CVE-2019-9771 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c. | |||||
CVE-2019-16164 | 1 Myhtml Project | 1 Myhtml | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. | |||||
CVE-2019-9746 | 1 Webmproject | 1 Libwebm | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212. | |||||
CVE-2019-13147 | 2 Audio File Library Project, Debian | 2 Audio File Library, Debian Linux | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. | |||||
CVE-2019-1010239 | 2 Cjson Project, Oracle | 2 Cjson, Timesten In-memory Database | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later. | |||||
CVE-2018-7576 | 1 Google | 1 Tensorflow | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent. | |||||
CVE-2019-12312 | 1 Libreswan | 1 Libreswan | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan. | |||||
CVE-2019-16092 | 2 Canonical, Symonics | 2 Ubuntu Linux, Libmysofa | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. | |||||
CVE-2019-11023 | 1 Graphviz | 1 Graphviz | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. | |||||
CVE-2018-19802 | 1 Aubio | 1 Aubio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. | |||||
CVE-2019-2264 | 1 Qualcomm | 52 Mdm9607, Mdm9607 Firmware, Mdm9640 and 49 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Null pointer dereference occurs for channel context while opening glink channel in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MDM9640, MSM8909W, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SDM439, SDM630, SDM660, SDX24 | |||||
CVE-2018-15733 | 1 Stopzilla | 1 Antimalware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a NULL Pointer Dereference vulnerability due to not validating the size of the output buffer value from IOCtl 0x80002028. | |||||
CVE-2019-12614 | 5 Canonical, Fedoraproject, Linux and 2 more | 5 Ubuntu Linux, Fedora, Linux Kernel and 2 more | 2024-02-28 | 4.7 MEDIUM | 4.1 MEDIUM |
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). |