Total
2508 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32202 | 1 Libjpeg Project | 1 Libjpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. | |||||
| CVE-2022-32201 | 1 Libjpeg Project | 1 Libjpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. | |||||
| CVE-2022-31763 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. | |||||
| CVE-2022-31681 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-11-21 | N/A | 6.5 MEDIUM |
| VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. | |||||
| CVE-2022-31618 | 1 Nvidia | 1 Virtual Gpu | 2024-11-21 | N/A | 5.5 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. | |||||
| CVE-2022-31615 | 1 Nvidia | 4 Geforce, Gpu Display Driver, Rtx and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-31077 | 1 Linuxfoundation | 1 Kubeedge | 2024-11-21 | 3.5 LOW | 4.0 MEDIUM |
| KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. | |||||
| CVE-2022-31076 | 1 Linuxfoundation | 1 Kubeedge | 2024-11-21 | 2.7 LOW | 4.2 MEDIUM |
| KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should sisable the unixsocket switch of CloudHub in the config file cloudcore.yaml. | |||||
| CVE-2022-30975 | 1 Artifex | 1 Mujs | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. | |||||
| CVE-2022-2980 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | |||||
| CVE-2022-2928 | 3 Debian, Fedoraproject, Isc | 3 Debian Linux, Fedora, Dhcp | 2024-11-21 | N/A | 6.5 MEDIUM |
| In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. | |||||
| CVE-2022-2923 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. | |||||
| CVE-2022-2874 | 1 Vim | 1 Vim | 2024-11-21 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. | |||||
| CVE-2022-2549 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV. | |||||
| CVE-2022-2476 | 2 Fedoraproject, Wavpack | 2 Fedora, Wavpack | 2024-11-21 | N/A | 5.5 MEDIUM |
| A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING | |||||
| CVE-2022-2279 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. | |||||
| CVE-2022-2231 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2208 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | |||||
| CVE-2022-2153 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. | |||||
| CVE-2022-2085 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. | |||||