Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2476 | 2 Fedoraproject, Wavpack | 2 Fedora, Wavpack | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_m ...
Show More |
|||||
| CVE-2022-2337 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
|
|||||
| CVE-2022-2279 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.
|
|||||
| CVE-2022-2231 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-2208 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
|
|||||
| CVE-2022-2153 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
|
|||||
| CVE-2022-2085 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL ...
Show More |
|||||
| CVE-2022-29795 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
|
|||||
| CVE-2022-29788 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file.
|
|||||
| CVE-2022-29694 | 1 Unicorn-engine | 1 Unicorn Engine | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.
|
|||||
| CVE-2022-29508 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-29491 | 1 F5 | 4 Big-ip Access Policy Manager, Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
|
|||||
| CVE-2022-29340 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.
|
|||||
| CVE-2022-29224 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, et ...
Show More |
|||||
| CVE-2022-29206 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
|
|||||
| CVE-2022-29205 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Version ...
Show More |
|||||
| CVE-2022-29201 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
|
|||||
| CVE-2022-29031 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
|
|||||
| CVE-2022-29029 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
|
|||||
| CVE-2022-28189 | 1 Nvidia | 1 Gpu Display Driver | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.
|
|||||
| CVE-2022-28070 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
|
|||||
| CVE-2022-28049 | 1 F5 | 1 Njs | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
|
|||||
| CVE-2022-27944 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
|
|||||
| CVE-2022-27567 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM |
|
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.
|
|||||
| CVE-2022-27359 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference.
|
|||||
| CVE-2022-26979 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
|
|||||
| CVE-2022-26099 | 1 Google | 1 Android | 2024-11-21 | 6.4 MEDIUM | 5.9 MEDIUM |
|
Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.
|
|||||
| CVE-2022-26097 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM |
|
Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
|
|||||
| CVE-2022-26096 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM |
|
Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
|
|||||
| CVE-2022-26095 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM |
|
Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
|
|||||
| CVE-2022-26094 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM |
|
Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
|
|||||
| CVE-2022-26093 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM |
|
Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
|
|||||
| CVE-2022-25867 | 1 Socket | 1 Socket.io-client Java | 2024-11-21 | N/A | 7.5 HIGH |
|
The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.
|
|||||
| CVE-2022-25739 | 1 Qualcomm | 52 Mdm8207, Mdm8207 Firmware, Mdm9205 and 49 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call
|
|||||
| CVE-2022-25735 | 1 Qualcomm | 68 Ar8031, Ar8031 Firmware, Csra6620 and 65 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Denial of service in modem due to missing null check while processing TCP or UDP packets from server
|
|||||
| CVE-2022-25733 | 1 Qualcomm | 70 Ar8031, Ar8031 Firmware, Csra6620 and 67 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Denial of service in modem due to null pointer dereference while processing DNS packets
|
|||||
| CVE-2022-25310 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
|
|||||
| CVE-2022-25258 | 4 Debian, Fedoraproject, Linux and 1 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
|
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.
|
|||||
| CVE-2022-25108 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation.
|
|||||
| CVE-2022-24736 | 4 Fedoraproject, Netapp, Oracle and 1 more | 5 Fedora, Management Services For Element Software, Management Services For Netapp Hci and 2 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL ...
Show More |
|||||