Total
2407 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13590 | 1 Sound Exchange Project | 1 Sound Exchange | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. | |||||
CVE-2019-12995 | 1 Istio | 1 Istio | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault. | |||||
CVE-2019-16348 | 1 Libwav Project | 1 Libwav | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c. | |||||
CVE-2018-17419 | 1 Dns Library Project | 1 Dns Library | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. | |||||
CVE-2019-11637 | 1 Gnu | 1 Recutils | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. | |||||
CVE-2019-12481 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box. | |||||
CVE-2019-3840 | 2 Opensuse, Redhat | 2 Leap, Libvirt | 2023-12-10 | 3.5 LOW | 6.3 MEDIUM |
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. | |||||
CVE-2019-15923 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. | |||||
CVE-2019-12435 | 1 Samba | 1 Samba | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process. | |||||
CVE-2019-12436 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit. | |||||
CVE-2019-14248 | 1 Nasm | 1 Netwide Assembler | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled. | |||||
CVE-2019-11596 | 2 Canonical, Memcached | 2 Ubuntu Linux, Memcached | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. | |||||
CVE-2018-7574 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7576, CVE-2018-21233. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2018-7576 and CVE-2018-21233 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2019-11419 | 1 Tencent | 1 Wechat | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji. | |||||
CVE-2019-13161 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). | |||||
CVE-2019-11494 | 3 Dovecot, Fedoraproject, Opensuse | 3 Dovecot, Fedora, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. | |||||
CVE-2019-12482 | 1 Gpac | 1 Gpac | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box. | |||||
CVE-2019-12155 | 1 Qemu | 1 Qemu | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | |||||
CVE-2019-11023 | 1 Graphviz | 1 Graphviz | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. | |||||
CVE-2019-13238 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer. |