Total
5417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21602 | 1 Juniper | 1 Junos Os Evolved | 2025-06-17 | 7.5 High |
| A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS. This issue does not happen with IPv6 packets. This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L: * 21.4-EVO versions earlier than 21.4R3-S6-EVO; * 22.1-EVO versions earlier than 22.1R3-S5-EVO; * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO. | ||||
| CVE-2024-21664 | 1 Lestrrat-go | 1 Jwx | 2025-06-17 | 4.3 Medium |
| jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in versions 2.0.19 and 1.2.28. | ||||
| CVE-2024-29751 | 1 Google | 1 Android | 2025-06-17 | 5.5 Medium |
| In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a possible OOB Read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27232 | 1 Google | 1 Android | 2025-06-17 | 5.5 Medium |
| In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-52303 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-06-17 | 4.7 Medium |
| Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | ||||
| CVE-2022-36661 | 1 Xhyve Project | 1 Xhyve | 2025-06-17 | 6.5 Medium |
| xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. | ||||
| CVE-2022-36659 | 1 Xhyve Project | 1 Xhyve | 2025-06-17 | 6.5 Medium |
| xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_write(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. | ||||
| CVE-2023-43898 | 1 Nothings | 1 Stb Image.h | 2025-06-17 | 5.5 Medium |
| Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | ||||
| CVE-2023-46343 | 1 Linux | 1 Linux Kernel | 2025-06-17 | 5.5 Medium |
| In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. | ||||
| CVE-2025-30321 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | 5.5 Medium |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-25453 | 1 Axiosys | 1 Bento4 | 2025-06-16 | 5.5 Medium |
| Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. | ||||
| CVE-2024-35618 | 1 Pingcap | 1 Tidb | 2025-06-10 | 7.5 High |
| PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer. | ||||
| CVE-2024-5198 | 1 Openvpn | 1 Ovpn-dco-win | 2025-06-10 | 3.3 Low |
| OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt. | ||||
| CVE-2025-31711 | 2 Google, Unisoc | 18 Android, S8000, Sc7731e and 15 more | 2025-06-10 | 5.1 Medium |
| In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed. | ||||
| CVE-2013-6954 | 2 Libpng, Redhat | 4 Libpng, Network Satellite, Rhel Extras and 1 more | 2025-06-10 | 6.5 Medium |
| The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. | ||||
| CVE-2024-31041 | 1 Emqx | 1 Nanomq | 2025-06-10 | 7.5 High |
| Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. | ||||
| CVE-2024-28458 | 1 Swftools | 1 Swftools | 2025-06-10 | 7.5 High |
| Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c. | ||||
| CVE-2023-51744 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-06-09 | 3.3 Low |
| A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | ||||
| CVE-2025-25217 | 1 Openatom | 1 Openharmony | 2025-06-09 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | ||||
| CVE-2024-23327 | 1 Envoyproxy | 1 Envoy | 2025-06-09 | 7.5 High |
| Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||