Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35965 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | |||||
| CVE-2022-35691 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-35484 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | N/A | 6.5 MEDIUM |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f. | |||||
| CVE-2022-35108 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | |||||
| CVE-2022-34683 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2024-11-21 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service. | |||||
| CVE-2022-34682 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-34679 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-34675 | 3 Citrix, Nvidia, Redhat | 9 Hypervisor, Cloud Gaming, Geforce and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-34666 | 5 Citrix, Linux, Microsoft and 2 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-34665 | 3 Linux, Microsoft, Nvidia | 8 Linux Kernel, Windows, Cloud Gaming Guest and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-34556 | 1 Picoc Project | 1 Picoc | 2024-11-21 | N/A | 5.5 MEDIUM |
| PicoC v3.2.2 was discovered to contain a NULL pointer dereference at variable.c. | |||||
| CVE-2022-34520 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 5.5 MEDIUM |
| Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file. | |||||
| CVE-2022-32202 | 1 Libjpeg Project | 1 Libjpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. | |||||
| CVE-2022-32201 | 1 Libjpeg Project | 1 Libjpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. | |||||
| CVE-2022-31763 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. | |||||
| CVE-2022-31681 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-11-21 | N/A | 6.5 MEDIUM |
| VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. | |||||
| CVE-2022-31618 | 1 Nvidia | 1 Virtual Gpu | 2024-11-21 | N/A | 5.5 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. | |||||
| CVE-2022-31615 | 1 Nvidia | 4 Geforce, Gpu Display Driver, Rtx and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-31077 | 1 Linuxfoundation | 1 Kubeedge | 2024-11-21 | 3.5 LOW | 4.0 MEDIUM |
| KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. | |||||
| CVE-2022-31076 | 1 Linuxfoundation | 1 Kubeedge | 2024-11-21 | 2.7 LOW | 4.2 MEDIUM |
| KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should sisable the unixsocket switch of CloudHub in the config file cloudcore.yaml. | |||||