Total
4221 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25866 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. | ||||
| CVE-2020-25858 | 1 Qualcomm | 1 Qualcomm Mobile Access Point | 2024-11-21 | 7.5 High |
| The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. | ||||
| CVE-2020-25821 | 1 Peg-markdown Project | 1 Peg-markdown | 2024-11-21 | 7.5 High |
| peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-25743 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack Platform | 2024-11-21 | 3.2 Low |
| hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. | ||||
| CVE-2020-25742 | 1 Qemu | 1 Qemu | 2024-11-21 | 3.2 Low |
| pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. | ||||
| CVE-2020-25741 | 1 Qemu | 1 Qemu | 2024-11-21 | 3.2 Low |
| fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. | ||||
| CVE-2020-25692 | 3 Netapp, Openldap, Redhat | 6 Cloud Backup, Solidfire Baseboard Management Controller, Solidfire Baseboard Management Controller Firmware and 3 more | 2024-11-21 | 7.5 High |
| A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. | ||||
| CVE-2020-25639 | 3 Fedoraproject, Linux, Redhat | 5 Fedora, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | 4.4 Medium |
| A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. | ||||
| CVE-2020-25467 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2024-11-21 | 5.5 Medium |
| A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file. | ||||
| CVE-2020-25465 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25427 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. | ||||
| CVE-2020-25285 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 6.4 Medium |
| A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | ||||
| CVE-2020-25018 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 High |
| Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. | ||||
| CVE-2020-24890 | 1 Libraw | 1 Libraw | 2024-11-21 | 5.5 Medium |
| libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way | ||||
| CVE-2020-24659 | 5 Canonical, Fedoraproject, Gnu and 2 more | 5 Ubuntu Linux, Fedora, Gnutls and 2 more | 2024-11-21 | 7.5 High |
| An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | ||||
| CVE-2020-24421 | 2 Adobe, Microsoft | 2 Indesign, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue. | ||||
| CVE-2020-24385 | 2 Freebsd, Midnightbsd | 2 Freebsd, Midnightbsd | 2024-11-21 | 5.5 Medium |
| In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find(). | ||||
| CVE-2020-24369 | 1 Lua | 1 Lua | 2024-11-21 | 7.5 High |
| ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. | ||||
| CVE-2020-24242 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. | ||||
| CVE-2020-24187 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.5 Medium |
| An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference). | ||||