Total: 2549 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29201 | 1 Google | 1 Tensorflow | 2023-07-21 | 2.1 LOW | 5.5 MEDIUM |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
CVE-2023-3012 | 1 Gpac | 1 Gpac | 2023-07-15 | N/A | 7.8 HIGH |
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | |||||
CVE-2021-33798 | 1 Libpano13 Project | 1 Libpano13 | 2023-07-14 | N/A | 6.5 MEDIUM |
A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flaw allows attackers to cause a denial of service and potential code execution via a crafted file. | |||||
CVE-2023-0359 | 1 Zephyrproject | 1 Zephyr | 2023-07-13 | N/A | 7.5 HIGH |
A missing nullptr-check in handle_ra_input can cause a nullptr-deref. | |||||
CVE-2023-34164 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 7.5 HIGH |
Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2022-48509 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 5.9 MEDIUM |
Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally. | |||||
CVE-2023-25523 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-07-10 | N/A | 3.3 LOW |
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. | |||||
CVE-2022-41909 | 1 Google | 1 Tensorflow | 2023-07-10 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
CVE-2020-35525 | 1 Sqlite | 1 Sqlite | 2023-07-06 | N/A | 7.5 HIGH |
In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSEC query processing. | |||||
CVE-2023-3357 | 1 Linux | 1 Linux Kernel | 2023-07-06 | N/A | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. | |||||
CVE-2023-3359 | 1 Linux | 1 Linux Kernel | 2023-07-06 | N/A | 5.5 MEDIUM |
An issue was discovered in brcm_nvram_parse in drivers/nvmem/brcm_nvram.c in the Linux kernel. The lack of a check of the return value of kzalloc() can cause a NULL pointer dereference. | |||||
CVE-2023-3358 | 1 Linux | 1 Linux Kernel | 2023-07-06 | N/A | 5.5 MEDIUM |
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. | |||||
CVE-2021-40027 | 1 Huawei | 1 Harmonyos | 2023-07-06 | 5.0 MEDIUM | 7.5 HIGH |
The bone voice ID TA has a vulnerability in calculating the buffer length. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2023-2731 | 3 Fedoraproject, Libtiff, Redhat | 3 Fedora, Libtiff, Enterprise Linux | 2023-07-03 | N/A | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. | |||||
CVE-2022-1516 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-06-27 | 4.9 MEDIUM | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. | |||||
CVE-2022-1649 | 1 Radare | 1 Radare2 | 2023-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html). | |||||
CVE-2023-3220 | 1 Linux | 1 Linux Kernel | 2023-06-27 | N/A | 5.5 MEDIUM |
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks a check of the return value of kzalloc(), which will cause a NULL pointer dereference. | |||||
CVE-2017-5149 | 1 Abbott | 3 Merlin@home Ex1100, Merlin@home Ex1150, Merlin@home Firmware | 2023-06-26 | 6.8 MEDIUM | 8.9 HIGH |
An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. | |||||
CVE-2021-29568 | 1 Google | 1 Tensorflow | 2023-06-26 | 4.6 MEDIUM | 7.8 HIGH |
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to a null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the [implementation](https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of `shape`. If the `shape` argument is empty, then `shape_tensor.flat<T>()` is an empty array. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
CVE-2022-25310 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2023-06-23 | N/A | 5.5 MEDIUM |
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. |