Total
3487 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19037 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 5.5 Medium |
| ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. | ||||
| CVE-2019-18976 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-08-05 | 7.5 High |
| An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. | ||||
| CVE-2019-19011 | 1 Miniupnp Project | 1 Ngiflib | 2024-08-05 | 7.5 High |
| MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette. | ||||
| CVE-2019-18838 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-08-05 | 7.5 High |
| An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process. | ||||
| CVE-2019-18885 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 5.5 Medium |
| fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. | ||||
| CVE-2019-18799 | 1 Sass-lang | 1 Libsass | 2024-08-05 | 6.5 Medium |
| LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. | ||||
| CVE-2019-18804 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2024-08-05 | 7.5 High |
| DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. | ||||
| CVE-2019-18680 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 7.5 High |
| An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0. | ||||
| CVE-2019-18635 | 1 Themooltipass | 1 Moolticute | 2024-08-05 | 7.5 High |
| An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp. | ||||
| CVE-2019-18388 | 3 Debian, Opensuse, Virglrenderer Project | 3 Debian Linux, Leap, Virglrenderer | 2024-08-05 | 5.5 Medium |
| A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. | ||||
| CVE-2019-18190 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2024-08-05 | 9.8 Critical |
| Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances. | ||||
| CVE-2019-17453 | 1 Axiosys | 1 Bento4 | 2024-08-05 | 6.5 Medium |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact. | ||||
| CVE-2019-17452 | 1 Axiosys | 1 Bento4 | 2024-08-05 | 6.5 Medium |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump. | ||||
| CVE-2019-17539 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-08-05 | 9.8 Critical |
| In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | ||||
| CVE-2019-17454 | 1 Axiosys | 1 Bento4 | 2024-08-05 | 6.5 Medium |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info. | ||||
| CVE-2019-17502 | 1 Hydra Project | 1 Hydra | 2024-08-05 | 7.5 High |
| Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer. | ||||
| CVE-2019-17064 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | 5.5 Medium |
| Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. | ||||
| CVE-2019-17007 | 3 Mozilla, Redhat, Siemens | 19 Network Security Services, Enterprise Linux, Rhel Eus and 16 more | 2024-08-05 | 7.5 High |
| In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | ||||
| CVE-2019-16754 | 1 Riot-os | 1 Riot | 2024-08-05 | 7.5 High |
| RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet. | ||||
| CVE-2019-16230 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 4.7 Medium |
| drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely | ||||