Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36148 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
|
|||||
| CVE-2020-36138 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).
|
|||||
| CVE-2020-36135 | 1 Aomedia | 1 Aomedia | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
|
|||||
| CVE-2020-36130 | 1 Aomedia | 1 Aomedia | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
|
|||||
| CVE-2020-35982 | 1 Gpac | 1 Gpac | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
|
|||||
| CVE-2020-35981 | 1 Gpac | 1 Gpac | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
|
|||||
| CVE-2020-35907 | 1 Rust-lang | 1 Futures-task | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference.
|
|||||
| CVE-2020-35860 | 1 Cbox Project | 1 Cbox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code.
|
|||||
| CVE-2020-35680 | 2 Fedoraproject, Opensmtpd | 2 Fedora, Opensmtpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
|
|||||
| CVE-2020-35668 | 1 Redislabs | 1 Redisgraph | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.
|
|||||
| CVE-2020-35538 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
|
|||||
| CVE-2020-35525 | 1 Sqlite | 1 Sqlite | 2024-11-21 | N/A | 7.5 HIGH |
|
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
|
|||||
| CVE-2020-35507 | 4 Broadcom, Gnu, Netapp and 1 more | 9 Brocade Fabric Operating System, Binutils, Cloud Backup and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
|
|||||
| CVE-2020-35505 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
|
|||||
| CVE-2020-35504 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
|
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
|
|||||
| CVE-2020-35503 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
|
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
|
|||||
| CVE-2020-35499 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.
|
|||||
| CVE-2020-35496 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
|
|||||
| CVE-2020-35495 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
|
|||||
| CVE-2020-35450 | 1 Gobby Project | 1 Gobby | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls.
|
|||||
| CVE-2020-29652 | 1 Golang | 1 Ssh | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
|
|||||
| CVE-2020-29571 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 4.9 MEDIUM | 6.2 MEDIUM |
|
An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether ...
Show More |
|||||
| CVE-2020-29484 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 4.9 MEDIUM | 6.0 MEDIUM |
|
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with ...
Show More |
|||||
| CVE-2020-28346 | 1 Projectacrn | 1 Acrn | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference.
|
|||||
| CVE-2020-28345 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020).
|
|||||
| CVE-2020-28344 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020).
|
|||||
| CVE-2020-28203 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).
|
|||||
| CVE-2020-27830 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.
|
|||||
| CVE-2020-27819 | 1 Libxls Project | 1 Libxls | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.
|
|||||
| CVE-2020-27675 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
|
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.
|
|||||
| CVE-2020-27289 | 1 Deltaww | 1 Cncsoft-b | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-27279 | 1 Redlion | 1 Crimson | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
|
|||||
| CVE-2020-27277 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2020-26991 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899)
|
|||||
| CVE-2020-26536 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.
|
|||||
| CVE-2020-26521 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Nats-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
|
|||||
| CVE-2020-26235 | 2 Microsoft, Time Project | 2 Windows, Time | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time ...
Show More |
|||||
| CVE-2020-26213 | 1 Teler Project | 1 Teler | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
|
In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1.
|
|||||
| CVE-2020-25866 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
|
|||||
| CVE-2020-25858 | 1 Qualcomm | 1 Qualcomm Mobile Access Point | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.
|
|||||