Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27836 | 2 Fedoraproject, Libxls Project | 2 Fedora, Libxls | 2021-11-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. | |||||
| CVE-2021-43016 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2021-11-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42373 | 1 Busybox | 1 Busybox | 2021-11-25 | 2.1 LOW | 5.5 MEDIUM |
| A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | |||||
| CVE-2021-42376 | 1 Busybox | 1 Busybox | 2021-11-25 | 1.9 LOW | 5.5 MEDIUM |
| A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | |||||
| CVE-2021-34798 | 2 Apache, Fedoraproject | 2 Http Server, Fedora | 2021-11-24 | 5.0 MEDIUM | 7.5 HIGH |
| Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2021-40774 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2021-11-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40773 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2021-11-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39921 | 1 Wireshark | 1 Wireshark | 2021-11-24 | 5.0 MEDIUM | 7.5 HIGH |
| NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-39923 | 1 Wireshark | 1 Wireshark | 2021-11-24 | 5.0 MEDIUM | 7.5 HIGH |
| NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-39928 | 1 Wireshark | 1 Wireshark | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-39920 | 1 Wireshark | 1 Wireshark | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-43668 | 1 Ethereum | 1 Go Ethereum | 2021-11-23 | 2.1 LOW | 5.5 MEDIUM |
| Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal. | |||||
| CVE-2021-43667 | 1 Linuxfoundation | 1 Fabric | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash. | |||||
| CVE-2021-40761 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-11-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40756 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-11-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42268 | 1 Adobe | 1 Animate | 2021-11-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-15190 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2021-11-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | |||||
| CVE-2021-41524 | 2 Apache, Fedoraproject | 2 Http Server, Fedora | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. | |||||
| CVE-2021-36222 | 2 Debian, Mit | 2 Debian Linux, Kerberos 5 | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | |||||
| CVE-2020-20450 | 1 Ffmpeg | 1 Ffmpeg | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. | |||||