Total
3858 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38573 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 7.5 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. | |||||
| CVE-2024-38559 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 4.4 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdup_user_nul instead of memdup_user. | |||||
| CVE-2022-44018 | 1 Softing | 1 Uatoolkit Embedded | 2025-04-01 | N/A | 7.5 HIGH |
| In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application. | |||||
| CVE-2025-27170 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-03-31 | N/A | 5.5 MEDIUM |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-3858 | 1 Mozilla | 1 Firefox | 2025-03-31 | N/A | 7.5 HIGH |
| It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125. | |||||
| CVE-2024-47753 | 1 Linux | 1 Linux Kernel | 2025-03-28 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdec_vp8_req_if.c. Which leads to a kernel crash when fb is NULL. | |||||
| CVE-2022-4285 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Binutils, Enterprise Linux | 2025-03-28 | N/A | 5.5 MEDIUM |
| An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | |||||
| CVE-2024-28577 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 5.5 MEDIUM |
| Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format. | |||||
| CVE-2024-28584 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 3.3 LOW |
| Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format. | |||||
| CVE-2025-0312 | 1 Ollama | 1 Ollama | 2025-03-28 | N/A | 7.5 HIGH |
| A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network. | |||||
| CVE-2024-26814 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself is guaranteed that trigger is always valid between request_irq() and free_irq(), but the loopback testing mechanisms to invoke the handler function need to test the trigger. The triggering and setting ioctl paths both make use of igate and are therefore mutually exclusive. The vfio-fsl-mc driver does not make use of irqfds, nor does it support any sort of masking operations, therefore unlike vfio-pci and vfio-platform, the flow can remain essentially unchanged. | |||||
| CVE-2024-22524 | 1 Dnspod | 1 Dnspod Security Recursive | 2025-03-27 | N/A | 5.5 MEDIUM |
| dnspod-sr 0dfbd37 is vulnerable to buffer overflow. | |||||
| CVE-2024-34952 | 2025-03-27 | N/A | 5.0 MEDIUM | ||
| taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file. | |||||
| CVE-2024-26475 | 1 Radare | 1 Radare2 | 2025-03-27 | N/A | 5.5 MEDIUM |
| An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function. | |||||
| CVE-2024-27229 | 1 Google | 1 Android | 2025-03-27 | N/A | 7.5 HIGH |
| In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-11499 | 2025-03-27 | N/A | 4.9 MEDIUM | ||
| A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. | |||||
| CVE-2024-10037 | 2025-03-27 | N/A | 4.4 MEDIUM | ||
| A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. | |||||
| CVE-2023-23087 | 1 Mojojson Project | 1 Mojojson | 2025-03-26 | N/A | 9.8 CRITICAL |
| An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function. | |||||
| CVE-2022-32663 | 1 Mediatek | 44 Mt5221, Mt5221 Firmware, Mt7603 and 41 more | 2025-03-26 | N/A | 7.5 HIGH |
| In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014. | |||||
| CVE-2022-47360 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | |||||