Total
3482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29340 | 1 Gpac | 1 Gpac | 2024-08-03 | 7.5 High |
| GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. | ||||
| CVE-2022-29205 | 1 Google | 1 Tensorflow | 2024-08-03 | 5.5 Medium |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | ||||
| CVE-2022-29201 | 1 Google | 1 Tensorflow | 2024-08-03 | 5.5 Medium |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | ||||
| CVE-2022-29224 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-08-03 | 5.9 Medium |
| Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. | ||||
| CVE-2022-29206 | 1 Google | 1 Tensorflow | 2024-08-03 | 5.5 Medium |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | ||||
| CVE-2022-29031 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-08-03 | 5.5 Medium |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | ||||
| CVE-2022-29029 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-08-03 | 5.5 Medium |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | ||||
| CVE-2022-28189 | 1 Nvidia | 1 Gpu Display Driver | 2024-08-03 | 5.5 Medium |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash. | ||||
| CVE-2022-28049 | 1 F5 | 1 Njs | 2024-08-03 | 5.5 Medium |
| NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. | ||||
| CVE-2022-27944 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-08-03 | 7.5 High |
| Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference. | ||||
| CVE-2022-27567 | 1 Google | 1 Android | 2024-08-03 | 5.9 Medium |
| Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. | ||||
| CVE-2022-27497 | 1 Intel | 1 Active Management Technology Firmware | 2024-08-03 | 8.6 High |
| Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2022-27359 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-08-03 | 5.5 Medium |
| Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference. | ||||
| CVE-2022-26979 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-08-03 | 7.5 High |
| Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL. | ||||
| CVE-2022-26095 | 1 Google | 1 Android | 2024-08-03 | 5.9 Medium |
| Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | ||||
| CVE-2022-26099 | 1 Google | 1 Android | 2024-08-03 | 5.9 Medium |
| Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. | ||||
| CVE-2022-26096 | 1 Google | 1 Android | 2024-08-03 | 5.9 Medium |
| Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | ||||
| CVE-2022-26097 | 1 Google | 1 Android | 2024-08-03 | 5.9 Medium |
| Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | ||||
| CVE-2022-26093 | 1 Google | 1 Android | 2024-08-03 | 5.9 Medium |
| Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | ||||
| CVE-2022-26094 | 1 Google | 1 Android | 2024-08-03 | 5.9 Medium |
| Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | ||||