Total
2549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3113 | 1 Linux | 1 Linux Kernel | 2022-12-16 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference. | |||||
| CVE-2022-3112 | 1 Linux | 1 Linux Kernel | 2022-12-16 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | |||||
| CVE-2022-3111 | 1 Linux | 1 Linux Kernel | 2022-12-16 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). | |||||
| CVE-2017-12130 | 1 Tinysvcmdns Project | 1 Tinysvcmdns | 2022-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability. | |||||
| CVE-2016-9049 | 1 Aerospike | 1 Database Server | 2022-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability. | |||||
| CVE-2016-8726 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-13 | 7.8 HIGH | 7.5 HIGH |
| An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. | |||||
| CVE-2016-8723 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-13 | 7.8 HIGH | 7.5 HIGH |
| An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability. | |||||
| CVE-2021-20299 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2022-12-13 | 4.3 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20296 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2022-12-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-23476 | 1 Nokogiri | 1 Nokogiri | 2022-12-10 | N/A | 7.5 HIGH |
| Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected. | |||||
| CVE-2016-9313 | 1 Linux | 1 Linux Kernel | 2022-12-09 | 9.3 HIGH | 7.8 HIGH |
| security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. | |||||
| CVE-2018-19939 | 1 Mi | 4 Mi A2 Lite, Mi A2 Lite Firmware, Redmi 6 and 1 more | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c. | |||||
| CVE-2017-8843 | 1 Long Range Zip Project | 1 Long Range Zip | 2022-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | |||||
| CVE-2017-8847 | 1 Long Range Zip Project | 1 Long Range Zip | 2022-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | |||||
| CVE-2017-14436 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini" without a cookie header to trigger this vulnerability. | |||||
| CVE-2017-14437 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini" without a cookie header to trigger this vulnerability. | |||||
| CVE-2017-12124 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. | |||||
| CVE-2017-14435 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini" without a cookie header to trigger this vulnerability. | |||||
| CVE-2022-37797 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2022-12-03 | N/A | 7.5 HIGH |
| In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. | |||||
| CVE-2019-11810 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-12-02 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | |||||