Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24757 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-03-07 | N/A | 5.5 MEDIUM |
|
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
|
|||||
| CVE-2023-52371 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-07 | N/A | 3.5 LOW |
|
Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-11650 | 1 Tenda | 2 I9, I9 Firmware | 2025-03-06 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-21097 | 1 Openatom | 1 Openharmony | 2025-03-06 | N/A | 3.3 LOW |
|
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
|
|||||
| CVE-2023-52745 | 1 Linux | 1 Linux Kernel | 2025-03-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
The cited commit creates child PKEY interfaces over netlink will
multiple tx and rx queues, but some devices doesn't support more than 1
tx and 1 rx queues. This causes to a crash when traffic is sent over the
PKEY interface due to the parent having a single queue but the child
having multiple queues.
This patch fixes the number of queues to 1 for legacy IPoIB at the
ea ...
Show More |
|||||
| CVE-2025-1877 | 1 Dlink | 2 Dap-1562, Dap-1562 Firmware | 2025-03-06 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2025-1470 | 1 Eclipse | 1 Omr | 2025-03-05 | N/A | 5.5 MEDIUM |
|
In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning in version 0.5.0, internal OMR consumers of atoe functions handle NULL return values and memory allocation failures correctly.
|
|||||
| CVE-2024-23081 | 1 Threeten | 1 Threeten Backport | 2025-03-05 | N/A | 3.3 LOW |
|
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
|
|||||
| CVE-2024-27061 | 1 Linux | 1 Linux Kernel | 2025-03-05 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: sun8i-ce - Fix use after free in unprepare
sun8i_ce_cipher_unprepare should be called before
crypto_finalize_skcipher_request, because client callbacks may
immediately free memory, that isn't needed anymore. But it will be
used by unprepare after free. Before removing prepare/unprepare
callbacks it was handled by crypto engine in crypto_finalize_request.
Usually that results in a pointer dereference problem during a i ...
Show More |
|||||
| CVE-2024-27079 | 1 Linux | 1 Linux Kernel | 2025-03-05 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix NULL domain on device release
In the kdump kernel, the IOMMU operates in deferred_attach mode. In this
mode, info->domain may not yet be assigned by the time the release_device
function is called. It leads to the following crash in the crash kernel:
BUG: kernel NULL pointer dereference, address: 000000000000003c
...
RIP: 0010:do_raw_spin_lock+0xa/0xa0
...
_raw_spin_lock_irqsave+0x1b/0x30
...
Show More |
|||||
| CVE-2025-21084 | 1 Openatom | 1 Openharmony | 2025-03-04 | N/A | 3.8 LOW |
|
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios.
|
|||||
| CVE-2025-22837 | 2025-03-04 | N/A | 3.3 LOW | ||
|
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
|
|||||
| CVE-2024-26760 | 1 Linux | 1 Linux Kernel | 2025-03-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: pscsi: Fix bio_put() for error case
As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc
wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit()
and kfree(). That is not done properly for the error case, hitting WARN and
NULL pointer dereference in bio_free().
|
|||||
| CVE-2024-26632 | 1 Linux | 1 Linux Kernel | 2025-03-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
block: Fix iterating over an empty bio with bio_for_each_folio_all
If the bio contains no data, bio_first_folio() calls page_folio() on a
NULL pointer and oopses. Move the test that we've reached the end of
the bio from bio_next_folio() to bio_first_folio().
[axboe: add unlikely() to error case]
|
|||||
| CVE-2021-47169 | 1 Linux | 1 Linux Kernel | 2025-03-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls
'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the
firmware don't exists, function just return without initializing ports
of 'rp2_card'. But now the interrupt handler function has been
registered, and when an interrupt comes, 'rp2_uart_interrupt' may access
those ports ...
Show More |
|||||
| CVE-2021-47165 | 1 Linux | 1 Linux Kernel | 2025-03-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/meson: fix shutdown crash when component not probed
When main component is not probed, by example when the dw-hdmi module is
not loaded yet or in probe defer, the following crash appears on shutdown:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038
...
pc : meson_drv_shutdown+0x24/0x50
lr : platform_drv_shutdown+0x20/0x30
...
Call trace:
meson_drv_shutdown+0x24/0x50
platform_drv_shutdow ...
Show More |
|||||
| CVE-2025-21155 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-03-03 | N/A | 5.5 MEDIUM |
|
Substance3D - Stager versions 3.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-21125 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-03-03 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2021-47436 | 1 Linux | 1 Linux Kernel | 2025-03-01 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: musb: dsps: Fix the probe error path
Commit 7c75bde329d7 ("usb: musb: musb_dsps: request_irq() after
initializing musb") has inverted the calls to
dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() without
updating correctly the error path. dsps_create_musb_pdev() allocates and
registers a new platform device which must be unregistered and freed
with platform_device_unregister(), and this is missing upon
dsps_setu ...
Show More |
|||||
| CVE-2023-27114 | 1 Radare | 1 Radare2 | 2025-02-28 | N/A | 5.5 MEDIUM |
|
radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.
|
|||||
| CVE-2024-26703 | 1 Linux | 1 Linux Kernel | 2025-02-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tracing/timerlat: Move hrtimer_init to timerlat_fd open()
Currently, the timerlat's hrtimer is initialized at the first read of
timerlat_fd, and destroyed at close(). It works, but it causes an error
if the user program open() and close() the file without reading.
Here's an example:
# echo NO_OSNOISE_WORKLOAD > /sys/kernel/debug/tracing/osnoise/options
# echo timerlat > /sys/kernel/debug/tracing/current_tracer
# cat <<EO ...
Show More |
|||||
| CVE-2024-26796 | 1 Linux | 1 Linux Kernel | 2025-02-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drivers: perf: ctr_get_width function for legacy is not defined
With parameters CONFIG_RISCV_PMU_LEGACY=y and CONFIG_RISCV_PMU_SBI=n
linux kernel crashes when you try perf record:
$ perf record ls
[ 46.749286] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 46.750199] Oops [#1]
[ 46.750342] Modules linked in:
[ 46.750608] CPU: 0 PID: 107 Comm: perf-exec Not tainted 6.6.0 #2
[ 46.750906] ...
Show More |
|||||
| CVE-2024-26776 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-02-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
Return IRQ_NONE from the interrupt handler when no interrupt was
detected. Because an empty interrupt will cause a null pointer error:
Unable to handle kernel NULL pointer dereference at virtual
address 0000000000000008
Call trace:
complete+0x54/0x100
hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx]
__handle_irq_event_percpu+0x ...
Show More |
|||||
| CVE-2021-47134 | 1 Linux | 1 Linux Kernel | 2025-02-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
efi/fdt: fix panic when no valid fdt found
setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no
valid fdt found then initial_boot_params will be null. So we
should stop further fdt processing here. I encountered this
issue on risc-v.
|
|||||
| CVE-2023-27785 | 1 Broadcom | 1 Tcpreplay | 2025-02-26 | N/A | 7.5 HIGH |
|
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.
|
|||||
| CVE-2023-27784 | 1 Broadcom | 1 Tcpreplay | 2025-02-26 | N/A | 7.5 HIGH |
|
An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.
|
|||||
| CVE-2023-27787 | 1 Broadcom | 1 Tcpreplay | 2025-02-26 | N/A | 7.5 HIGH |
|
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.
|
|||||
| CVE-2023-27786 | 1 Broadcom | 1 Tcpreplay | 2025-02-26 | N/A | 7.5 HIGH |
|
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.
|
|||||
| CVE-2022-3116 | 1 Heimdal Project | 1 Heimdal | 2025-02-24 | N/A | 7.5 HIGH |
|
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.
|
|||||
| CVE-2024-50070 | 1 Linux | 1 Linux Kernel | 2025-02-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: stm32: check devm_kasprintf() returned value
devm_kasprintf() can return a NULL pointer on failure but this returned
value is not checked. Fix this lack and check the returned value.
Found by code review.
|
|||||
| CVE-2024-49923 | 1 Linux | 1 Linux Kernel | 2025-02-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags
[WHAT & HOW]
"dcn20_validate_apply_pipe_split_flags" dereferences merge, and thus it
cannot be a null pointer. Let's pass a valid pointer to avoid null
dereference.
This fixes 2 FORWARD_NULL issues reported by Coverity.
|
|||||
| CVE-2024-49919 | 1 Linux | 1 Linux Kernel | 2025-02-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer
This commit addresses a potential null pointer dereference issue in the
`dcn201_acquire_free_pipe_for_layer` function. The issue could occur
when `head_pipe` is null.
The fix adds a check to ensure `head_pipe` is not null before asserting
it. If `head_pipe` is null, the function returns NULL to prevent a
potential null pointer dereference.
Re ...
Show More |
|||||
| CVE-2025-25471 | 2025-02-20 | N/A | 4.3 MEDIUM | ||
|
FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
|
|||||
| CVE-2023-1583 | 1 Linux | 1 Linux Kernel | 2025-02-20 | N/A | 5.5 MEDIUM |
|
A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.
|
|||||
| CVE-2022-44369 | 1 Nasm | 1 Netwide Assembler | 2025-02-18 | N/A | 5.5 MEDIUM |
|
NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.
|
|||||
| CVE-2022-44368 | 1 Nasm | 1 Netwide Assembler | 2025-02-18 | N/A | 5.5 MEDIUM |
|
NASM v2.16 was discovered to contain a null pointer deference in the NASM component
|
|||||
| CVE-2024-39356 | 2025-02-18 | N/A | 7.4 HIGH | ||
|
NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
|||||
| CVE-2023-26916 | 2 Cesnet, Fedoraproject | 2 Libyang, Fedora | 2025-02-18 | N/A | 5.3 MEDIUM |
|
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
|
|||||
| CVE-2020-23259 | 1 Jsish | 1 Jsish | 2025-02-14 | N/A | 7.5 HIGH |
|
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.
|
|||||
| CVE-2024-26623 | 1 Linux | 1 Linux Kernel | 2025-02-14 | N/A | 4.7 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
pds_core: Prevent race issues involving the adminq
There are multiple paths that can result in using the pdsc's
adminq.
[1] pdsc_adminq_isr and the resulting work from queue_work(),
i.e. pdsc_work_thread()->pdsc_process_adminq()
[2] pdsc_adminq_post()
When the device goes through reset via PCIe reset and/or
a fw_down/fw_up cycle due to bad PCIe state or bad device
state the adminq is destroyed and recreated.
A NULL poi ...
Show More |
|||||