Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15191 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e ...
Show More |
|||||
| CVE-2020-15190 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavio ...
Show More |
|||||
| CVE-2020-14500 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data.
|
|||||
| CVE-2020-14397 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
|
|||||
| CVE-2020-14396 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
|
|||||
| CVE-2020-14356 | 6 Canonical, Debian, Linux and 3 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
|
|||||
| CVE-2020-14323 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
|
|||||
| CVE-2020-14149 | 1 Troglobit | 1 Uftpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.
|
|||||
| CVE-2020-13950 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
|
|||||
| CVE-2020-13934 | 6 Apache, Canonical, Debian and 3 more | 14 Tomcat, Ubuntu Linux, Debian Linux and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
|
|||||
| CVE-2020-13900 | 1 Meetecho | 1 Janus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.
|
|||||
| CVE-2020-13898 | 1 Meetecho | 1 Janus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.
|
|||||
| CVE-2020-13848 | 2 Debian, Libupnp Project | 2 Debian Linux, Libupnp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
|
|||||
| CVE-2020-13775 | 2 Fedoraproject, Znc | 2 Fedora, Znc | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.
|
|||||
| CVE-2020-13659 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 1.9 LOW | 2.5 LOW |
|
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
|
|||||
| CVE-2020-13649 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
|
|||||
| CVE-2020-13632 | 8 Brocade, Canonical, Debian and 5 more | 13 Fabric Operating System, Ubuntu Linux, Debian Linux and 10 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
|
|||||
| CVE-2020-13583 | 1 Micrium | 1 Uc-http | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-13582 | 1 Silabs | 1 Micrium Uc-http | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-13578 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-13577 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-13575 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-13574 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2020-13435 | 2 Fedoraproject, Sqlite | 2 Fedora, Sqlite | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
|
|||||
| CVE-2020-12867 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
|
|||||
| CVE-2020-12866 | 3 Canonical, Opensuse, Sane-project | 3 Ubuntu Linux, Leap, Sane Backends | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
|
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
|
|||||
| CVE-2020-12845 | 1 Cherokee-project | 1 Cherokee | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.
|
|||||
| CVE-2020-12514 | 1 Pepperl-fuchs | 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more | 2024-11-21 | 4.0 MEDIUM | 6.6 MEDIUM |
|
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
|
|||||
| CVE-2020-12364 | 2 Intel, Linux | 2 Graphics Drivers, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
|
|||||
| CVE-2020-12059 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Ceph | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.
|
|||||
| CVE-2020-11668 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.6 MEDIUM | 7.1 HIGH |
|
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
|
|||||
| CVE-2020-11609 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.
|
|||||
| CVE-2020-11608 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.
|
|||||
| CVE-2020-11273 | 1 Qualcomm | 356 Csrb31024, Csrb31024 Firmware, Pm3003a and 353 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Histogram type KPI was teardown with the assumption of the existence of histogram binning info and will lead to null pointer access when histogram binning info is missing due to lack of null check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
|
|||||
| CVE-2020-11254 | 1 Qualcomm | 121 Pm6150a, Pm6150l, Pm6350 and 118 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
|
|||||
| CVE-2020-11168 | 1 Qualcomm | 122 Apq8009, Apq8009 Firmware, Apq8009w and 119 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, ...
Show More |
|||||
| CVE-2020-11158 | 1 Qualcomm | 1 Ips Pdf | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service' in IPS PDF releases prior to IPS System 2020.2
|
|||||
| CVE-2020-11122 | 1 Qualcomm | 20 Apq8098, Apq8098 Firmware, Bitra and 17 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR2130
|
|||||
| CVE-2020-10957 | 1 Dovecot | 1 Dovecot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
|
|||||
| CVE-2020-10812 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.
|
|||||