Total
4089 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32818 | 2025-04-29 | 7.5 High | ||
| A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. | ||||
| CVE-2025-46400 | 2025-04-29 | 7.1 High | ||
| Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function. | ||||
| CVE-2025-46399 | 2025-04-29 | 7.1 High | ||
| Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via genge_itp_spline function. | ||||
| CVE-2025-4002 | 2025-04-29 | 5.5 Medium | ||
| A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-4003 | 2025-04-29 | 5.5 Medium | ||
| A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB. It has been classified as problematic. This affects the function InternalApfsTranslateBlock of the file Library/RP_ApfsLib/RP_ApfsIo.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The patch is named 4d35125ca689a255647e9033dd60c257d26df7cb. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-39755 | 1 Linux | 1 Linux Kernel | 2025-04-28 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmcia_driver struct was still only using the old .name initialization in the drv field. This led to a NULL pointer deref Oops in strcmp called from pcmcia_register_driver. Initialize the pcmcia_driver struct name field. | ||||
| CVE-2024-26342 | 1 Asus | 3 4g-ac68u, 4g-ac68u Firmware, Ac68u | 2025-04-28 | 7.5 High |
| A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet. | ||||
| CVE-2024-56430 | 2025-04-26 | 2.9 Low | ||
| OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor in lib/binfhe-base-scheme.cpp. | ||||
| CVE-2024-25260 | 1 Elfutils Project | 1 Elfutils | 2025-04-25 | 4 Medium |
| elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. | ||||
| CVE-2023-37185 | 1 Blosc | 1 C-blosc2 | 2025-04-25 | 7.5 High |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c. | ||||
| CVE-2023-37186 | 1 Blosc | 1 C-blosc2 | 2025-04-25 | 7.5 High |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. | ||||
| CVE-2023-37187 | 1 Blosc | 1 C-blosc2 | 2025-04-25 | 7.5 High |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function. | ||||
| CVE-2023-37188 | 1 Blosc | 1 C-blosc2 | 2025-04-25 | 7.5 High |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. | ||||
| CVE-2024-46742 | 1 Linux | 1 Linux Kernel | 2025-04-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL. Fix this by check if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context(). | ||||
| CVE-2025-30645 | 2025-04-24 | 7.5 High | ||
| A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts. This issue affects Junos OS on SRX Series: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2. | ||||
| CVE-2023-6535 | 2 Linux, Redhat | 19 Linux Kernel, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 16 more | 2025-04-24 | 6.5 Medium |
| A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | ||||
| CVE-2024-24855 | 1 Linux | 1 Linux Kernel | 2025-04-24 | 5 Medium |
| A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | ||||
| CVE-2022-20521 | 1 Google | 1 Android | 2025-04-23 | 5 Medium |
| In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684 | ||||
| CVE-2020-9746 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Macos, Chrome Os and 5 more | 2025-04-23 | 7 High |
| Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. | ||||
| CVE-2021-28601 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2025-04-23 | 3.3 Low |
| Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||