Total
61 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0459 | 1 Linux | 1 Linux Kernel | 2023-06-06 | 5.5 Medium |
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 | ||||
CVE-2020-27545 | 1 Libdwarf Project | 1 Libdwarf | 2023-04-26 | 6.5 Medium |
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object. | ||||
CVE-2022-25725 | 1 Qualcomm | 134 Ar8035, Ar8035 Firmware, Csrb31024 and 131 more | 2023-04-19 | 5.5 Medium |
Denial of service in MODEM due to improper pointer handling | ||||
CVE-2022-48425 | 1 Linux | 1 Linux Kernel | 2023-04-13 | 7.8 High |
In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. | ||||
CVE-2021-3682 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2023-03-31 | 8.5 High |
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. | ||||
CVE-2022-2521 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-02-23 | 6.5 Medium |
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. | ||||
CVE-2023-25565 | 1 Gss-ntlmssp Project | 1 Gss-ntlmssp | 2023-02-22 | 7.5 High |
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0. | ||||
CVE-2017-18075 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-07 | 7.8 High |
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. | ||||
CVE-2020-24371 | 1 Lua | 1 Lua | 2023-01-28 | 5.3 Medium |
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. | ||||
CVE-2022-28203 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2022-11-03 | 7.5 High |
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query. | ||||
CVE-2022-41691 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2022-10-23 | 7.5 High |
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. | ||||
CVE-2019-20170 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-10-14 | 5.5 Medium |
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. | ||||
CVE-2020-27798 | 1 Upx Project | 1 Upx | 2022-08-27 | 5.5 Medium |
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | ||||
CVE-2020-27797 | 1 Upx Project | 1 Upx | 2022-08-27 | 5.5 Medium |
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | ||||
CVE-2007-4367 | 1 Opera | 1 Opera Browser | 2022-02-26 | N/A |
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer." | ||||
CVE-2021-40042 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2022-02-04 | 6.5 Medium |
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800. | ||||
CVE-2021-45261 | 1 Gnu | 1 Patch | 2021-12-28 | 5.5 Medium |
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | ||||
CVE-2020-12963 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-12-27 | 7.8 High |
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. | ||||
CVE-2021-28216 | 1 Tianocore | 1 Edk Ii | 2021-08-16 | 7.8 High |
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. | ||||
CVE-2020-13132 | 1 Yubico | 3 Libykpiv, Piv Tool Manager, Yubikey Smart Card Minidriver | 2021-07-21 | 4.6 Medium |
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack. |