Total
3510 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35108 | 1 Swftools | 1 Swftools | 2023-08-08 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | |||||
| CVE-2022-1671 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2023-08-04 | N/A | 7.1 HIGH |
| A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. | |||||
| CVE-2022-3202 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2023-08-04 | N/A | 7.1 HIGH |
| A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. | |||||
| CVE-2023-37732 | 1 Yasm Project | 1 Yasm | 2023-08-02 | N/A | 5.5 MEDIUM |
| Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. | |||||
| CVE-2023-38670 | 1 Paddlepaddle | 1 Paddlepaddle | 2023-07-31 | N/A | 7.5 HIGH |
| Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service. | |||||
| CVE-2020-35499 | 1 Linux | 1 Linux Kernel | 2023-07-28 | 7.2 HIGH | 6.7 MEDIUM |
| A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information. | |||||
| CVE-2023-31441 | 1 Ncia | 1 Advisor Network | 2023-07-27 | N/A | 5.5 MEDIUM |
| In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution. | |||||
| CVE-2020-23911 | 1 Asn1c Project | 1 Asn1c | 2023-07-26 | N/A | 5.5 MEDIUM |
| An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2023-3012 | 1 Gpac | 1 Gpac | 2023-07-15 | N/A | 7.8 HIGH |
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | |||||
| CVE-2021-33798 | 1 Libpano13 Project | 1 Libpano13 | 2023-07-14 | N/A | 6.5 MEDIUM |
| A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file. | |||||
| CVE-2023-0359 | 1 Zephyrproject | 1 Zephyr | 2023-07-13 | N/A | 7.5 HIGH |
| A missing nullptr-check in handle_ra_input can cause a nullptr-deref. | |||||
| CVE-2023-34164 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 7.5 HIGH |
| Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-25523 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-07-10 | N/A | 3.3 LOW |
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. | |||||
| CVE-2022-41909 | 1 Google | 1 Tensorflow | 2023-07-10 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2020-35525 | 1 Sqlite | 1 Sqlite | 2023-07-06 | N/A | 7.5 HIGH |
| In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. | |||||
| CVE-2022-1516 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-06-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. | |||||
| CVE-2022-1649 | 1 Radare | 1 Radare2 | 2023-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html). | |||||
| CVE-2017-5149 | 1 Abbott | 3 Merlin\@home Ex1100, Merlin\@home Ex1150, Merlin\@home Firmware | 2023-06-26 | 6.8 MEDIUM | 8.9 HIGH |
| An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. | |||||
| CVE-2021-29568 | 1 Google | 1 Tensorflow | 2023-06-26 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of `shape`. If `shape` argument is empty, then `shape_tensor.flat<T>()` is an empty array. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2022-25310 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2023-06-23 | N/A | 5.5 MEDIUM |
| A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. | |||||