Total
2549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4095 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2023-11-07 | 1.9 LOW | 5.5 MEDIUM |
| A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. | |||||
| CVE-2021-46664 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | |||||
| CVE-2021-45343 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Librecad | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. | |||||
| CVE-2021-45079 | 4 Canonical, Debian, Fedoraproject and 1 more | 5 Ubuntu Linux, Debian Linux, Extra Packages For Enterprise Linux and 2 more | 2023-11-07 | 5.8 MEDIUM | 9.1 CRITICAL |
| In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | |||||
| CVE-2021-44224 | 6 Apache, Apple, Debian and 3 more | 12 Http Server, Mac Os X, Macos and 9 more | 2023-11-07 | 6.4 MEDIUM | 8.2 HIGH |
| A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | |||||
| CVE-2021-42521 | 1 Vtk | 1 Vtk | 2023-11-07 | N/A | 7.5 HIGH |
| There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application. | |||||
| CVE-2021-42376 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2023-11-07 | 1.9 LOW | 5.5 MEDIUM |
| A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | |||||
| CVE-2021-42373 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | |||||
| CVE-2021-41524 | 4 Apache, Fedoraproject, Netapp and 1 more | 4 Http Server, Fedora, Cloud Backup and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. | |||||
| CVE-2021-40266 | 1 Freeimage Project | 1 Freeimage | 2023-11-07 | N/A | 6.5 MEDIUM |
| FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference. | |||||
| CVE-2021-3671 | 3 Debian, Netapp, Samba | 5 Debian Linux, Management Services For Element Software, Management Services For Netapp Hci and 2 more | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server. | |||||
| CVE-2021-3659 | 3 Fedoraproject, Linux, Redhat | 17 Fedora, Linux Kernel, Codeready Linux Builder and 14 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3543 | 3 Fedoraproject, Nitro Enclaves Project, Redhat | 3 Fedora, Nitro Enclaves, Enterprise Linux | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system. | |||||
| CVE-2021-3537 | 6 Debian, Fedoraproject, Netapp and 3 more | 20 Debian Linux, Fedora, Active Iq Unified Manager and 17 more | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3480 | 2 Fedoraproject, Slapi-nis Project | 2 Fedora, Slapi-nis | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3467 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | |||||
| CVE-2021-39928 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-39921 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-39920 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-39854 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||