Total
3510 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32132 | 1 Gpac | 1 Gpac | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||||
| CVE-2021-39594 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Other An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function updateusage() located in swftext.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39596 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_parse() located in code.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39597 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_dump2() located in code.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-39598 | 1 Swftools | 1 Swftools | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function callcode() located in code.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-38208 | 1 Linux | 1 Linux Kernel | 2021-09-21 | 2.1 LOW | 5.5 MEDIUM |
| net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. | |||||
| CVE-2021-1112 | 1 Nvidia | 8 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 5 more | 2021-09-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service. | |||||
| CVE-2021-1935 | 1 Qualcomm | 352 Apq8009, Apq8009 Firmware, Apq8017 and 349 more | 2021-09-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2010-4816 | 1 Openbsd | 1 Openbsd | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. | |||||
| CVE-2021-30698 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2021-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service. | |||||
| CVE-2020-15209 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2021-09-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | |||||
| CVE-2020-15204 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2021-09-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | |||||
| CVE-2021-27029 | 1 Autodesk | 1 Fbx Review | 2021-09-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service. | |||||
| CVE-2021-30290 | 1 Qualcomm | 82 Qca6174a, Qca6174a Firmware, Qca6574 and 79 more | 2021-09-16 | 4.4 MEDIUM | 7.0 HIGH |
| Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-30294 | 1 Qualcomm | 82 Qca6174a, Qca6174a Firmware, Qca6574 and 79 more | 2021-09-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| Potential null pointer dereference in KGSL GPU auxiliary command due to improper validation of user input in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-1101 | 1 Nvidia | 1 Virtual Gpu | 2021-09-14 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8). | |||||
| CVE-2021-22792 | 1 Schneider-electric | 49 Modicon M340 Bmxp341000, Modicon M340 Bmxp342010, Modicon M340 Bmxp342020 and 46 more | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). | |||||
| CVE-2021-28845 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key. | |||||
| CVE-2021-21057 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 4.3 MEDIUM | 6.6 MEDIUM |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-9746 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Macos, Chrome Os and 4 more | 2021-09-08 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. | |||||