Total
4273 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12109 | 1 Miniupnp Project | 1 Miniupnpd | 2024-11-21 | N/A |
| A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. | ||||
| CVE-2019-12108 | 1 Miniupnp Project | 1 Miniupnpd | 2024-11-21 | N/A |
| A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. | ||||
| CVE-2019-12101 | 1 Libnyoci Project | 1 Libnyoci | 2024-11-21 | N/A |
| coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null)" and consequently allows remote attackers to cause a denial of service (segmentation fault). | ||||
| CVE-2019-12067 | 4 Debian, Fedoraproject, Qemu and 1 more | 5 Debian Linux, Fedora, Qemu and 2 more | 2024-11-21 | 6.5 Medium |
| The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. | ||||
| CVE-2019-11867 | 1 Realtek | 1 Ndis | 2024-11-21 | 5.5 Medium |
| Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0. | ||||
| CVE-2019-11810 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | ||||
| CVE-2019-11638 | 1 Gnu | 1 Recutils | 2024-11-21 | N/A |
| An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. | ||||
| CVE-2019-11637 | 1 Gnu | 1 Recutils | 2024-11-21 | N/A |
| An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. | ||||
| CVE-2019-11596 | 3 Canonical, Memcached, Redhat | 4 Ubuntu Linux, Memcached, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. | ||||
| CVE-2019-11555 | 1 W1.fi | 2 Hostapd, Wpa Supplicant | 2024-11-21 | N/A |
| The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. | ||||
| CVE-2019-11494 | 3 Dovecot, Fedoraproject, Opensuse | 3 Dovecot, Fedora, Leap | 2024-11-21 | 7.5 High |
| In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | ||||
| CVE-2019-11419 | 1 Tencent | 1 Wechat | 2024-11-21 | 5.5 Medium |
| vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji. | ||||
| CVE-2019-11366 | 1 Atftp Project | 1 Atftp | 2024-11-21 | N/A |
| An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next. | ||||
| CVE-2019-11338 | 4 Canonical, Debian, Ffmpeg and 1 more | 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more | 2024-11-21 | 8.8 High |
| libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | ||||
| CVE-2019-11111 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-11-21 | 7.8 High |
| Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-11023 | 1 Graphviz | 1 Graphviz | 2024-11-21 | N/A |
| The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. | ||||
| CVE-2019-10901 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 High |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | ||||
| CVE-2019-10873 | 1 Freedesktop | 1 Poppler | 2024-11-21 | N/A |
| An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. | ||||
| CVE-2019-10616 | 1 Qualcomm | 24 Apq8009, Apq8009 Firmware, Apq8016 and 21 more | 2024-11-21 | 5.5 Medium |
| Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8998, SA6155P, SDX24 | ||||
| CVE-2019-10600 | 1 Qualcomm | 100 Apq8009, Apq8009 Firmware, Apq8017 and 97 more | 2024-11-21 | 7.8 High |
| Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCA8081, QCS405, QCS605, QM215, SA6155P, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | ||||