Total
2549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15504 | 2 Embedthis, Juniper | 134 Appweb, Goahead, Ex2200 and 131 more | 2023-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. | |||||
| CVE-2018-15505 | 2 Embedthis, Juniper | 3 Appweb, Goahead, Junos | 2023-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. | |||||
| CVE-2014-9708 | 3 Embedthis, Juniper, Oracle | 134 Appweb, Ex2200, Ex2200-c and 131 more | 2023-06-22 | 5.0 MEDIUM | N/A |
| Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". | |||||
| CVE-2023-33121 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-06-21 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
| CVE-2023-29539 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2023-06-21 | N/A | 8.8 HIGH |
| When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | |||||
| CVE-2022-3341 | 1 Ffmpeg | 1 Ffmpeg | 2023-06-13 | N/A | 5.3 MEDIUM |
| A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. | |||||
| CVE-2023-24825 | 1 Riot-os | 1 Riot | 2023-06-07 | N/A | 7.5 HIGH |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds. | |||||
| CVE-2023-0779 | 1 Zephyrproject | 1 Zephyr | 2023-06-06 | N/A | 7.7 HIGH |
| At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. | |||||
| CVE-2023-33973 | 1 Riot-os | 1 Riot | 2023-06-06 | N/A | 7.5 HIGH |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds. | |||||
| CVE-2023-28625 | 1 Openidc | 1 Mod Auth Openidc | 2023-05-31 | N/A | 7.5 HIGH |
| mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. | |||||
| CVE-2022-43603 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-05-30 | N/A | 5.9 MEDIUM |
| A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-43595 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-05-30 | N/A | 5.9 MEDIUM |
| Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabilities.This vulnerability applies to writing .fits files. | |||||
| CVE-2022-43593 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-05-30 | N/A | 5.9 MEDIUM |
| A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2022-41999 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2023-05-30 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-2840 | 1 Gpac | 1 Gpac | 2023-05-27 | N/A | 9.8 CRITICAL |
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | |||||
| CVE-2022-47094 | 1 Gpac | 1 Gpac | 2023-05-27 | N/A | 7.8 HIGH |
| GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid | |||||
| CVE-2022-24577 | 1 Gpac | 1 Gpac | 2023-05-27 | 6.8 MEDIUM | 7.8 HIGH |
| GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.) | |||||
| CVE-2022-24574 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra (). | |||||
| CVE-2022-1035 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. | |||||
| CVE-2021-4043 | 1 Gpac | 1 Gpac | 2023-05-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. | |||||