Total
4283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52814 | 1 Linux | 1 Linux Kernel | 2025-09-16 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpu_ras_get_context may return NULL if device not support ras feature, so add check before using. | |||||
| CVE-2025-29901 | 1 Qnap | 1 File Station | 2025-09-15 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later | |||||
| CVE-2024-36626 | 1 Prestashop | 1 Prestashop | 2025-09-15 | N/A | 5.3 MEDIUM |
| In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php. | |||||
| CVE-2025-8844 | 1 Nasm | 1 Netwide Assembler | 2025-09-15 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9396 | 1 Ckolivas | 1 Lrzip | 2025-09-12 | 1.7 LOW | 3.3 LOW |
| A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited. | |||||
| CVE-2024-51738 | 1 Lizardbyte | 1 Sunshine | 2025-09-11 | N/A | 8.1 HIGH |
| Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840. | |||||
| CVE-2025-8534 | 1 Libtiff | 1 Libtiff | 2025-09-11 | 1.0 LOW | 2.5 LOW |
| A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used." | |||||
| CVE-2025-57611 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | N/A | 5.3 MEDIUM |
| An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump() for NULL, leading to a crash if the underlying memory allocation fails. | |||||
| CVE-2025-57612 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | N/A | 7.5 HIGH |
| An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check for a NULL return value from the av_get_sample_fmt_name() C function, which can be triggered by providing an unrecognized sample format. | |||||
| CVE-2025-57613 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | N/A | 7.5 HIGH |
| An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. The vulnerability is triggered when the avio_alloc_context() call fails and returns NULL, which is then stored and later dereferenced by the Io struct's Drop implementation. | |||||
| CVE-2025-57615 | 1 Meh.schizofreni | 1 Rust-ffmpeg | 2025-09-10 | N/A | 7.5 HIGH |
| An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to c_int, which can result in a negative value being passed to the underlying C function sws_allocVec(). | |||||
| CVE-2025-0009 | 2025-09-08 | N/A | 5.5 MEDIUM | ||
| A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability. | |||||
| CVE-2025-36894 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.5 HIGH |
| In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-36620 | 1 Mobyproject | 1 Moby | 2025-09-05 | N/A | 6.5 MEDIUM |
| moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. | |||||
| CVE-2025-8586 | 1 Libav | 1 Libav | 2025-09-04 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-8584 | 1 Libav | 1 Libav | 2025-09-04 | 1.7 LOW | 3.3 LOW |
| A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-53270 | 1 Envoyproxy | 1 Envoy | 2025-09-04 | N/A | 7.5 HIGH |
| Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold. | |||||
| CVE-2025-20262 | 2025-08-29 | N/A | 5.0 MEDIUM | ||
| A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes. | |||||
| CVE-2023-41234 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 5.0 MEDIUM |
| NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-56430 | 2025-08-27 | N/A | 2.9 LOW | ||
| OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor in lib/binfhe-base-scheme.cpp. | |||||