Total
3793 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20054 | 2 Linux, Netapp | 17 Linux Kernel, 8300, 8300 Firmware and 14 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. | |||||
| CVE-2019-20007 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault). | |||||
| CVE-2019-1922 | 1 Cisco | 24 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 and 21 more | 2024-11-21 | 7.8 HIGH | 5.3 MEDIUM |
| A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process. | |||||
| CVE-2019-1900 | 1 Cisco | 5 Integrated Management Controller Supervisor, Ucs C125 M5, Ucs C4200 and 2 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart. | |||||
| CVE-2019-19965 | 5 Canonical, Debian, Linux and 2 more | 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. | |||||
| CVE-2019-19926 | 8 Debian, Netapp, Opensuse and 5 more | 12 Debian Linux, Cloud Backup, Backports Sle and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | |||||
| CVE-2019-19923 | 8 Debian, Netapp, Opensuse and 5 more | 12 Debian Linux, Cloud Backup, Backports Sle and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). | |||||
| CVE-2019-19887 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode. | |||||
| CVE-2019-19880 | 8 Debian, Netapp, Opensuse and 5 more | 12 Debian Linux, Cloud Backup, Backports Sle and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | |||||
| CVE-2019-19819 | 1 Gonitro | 1 Nitropdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content. | |||||
| CVE-2019-19815 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h. | |||||
| CVE-2019-19789 | 1 Codesys | 3 Plcwinnt, Runtime Toolkit, Sp Realtime Nt | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference. | |||||
| CVE-2019-19722 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. | |||||
| CVE-2019-19698 | 1 Libwav Project | 1 Libwav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c. | |||||
| CVE-2019-19647 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. | |||||
| CVE-2019-19462 | 5 Canonical, Debian, Linux and 2 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. | |||||
| CVE-2019-19376 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.) | |||||
| CVE-2019-19308 | 1 Gnome | 1 Gnome-font-viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL). | |||||
| CVE-2019-19272 | 1 Proftpd | 1 Proftpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. | |||||
| CVE-2019-19269 | 3 Debian, Fedoraproject, Proftpd | 3 Debian Linux, Fedora, Proftpd | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. | |||||