Total
3817 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53817 | 2025-07-18 | N/A | N/A | ||
| 7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue. | |||||
| CVE-2024-44939 | 1 Linux | 1 Linux Kernel | 2025-07-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713 ... [Analyze] In dtInsertEntry(), when the pointer h has the same value as p, after writing name in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the previously true judgment "p->header.flag & BT-LEAF" to change to no after writing the name operation, this leads to entering an incorrect branch and accessing the uninitialized object ih when judging this condition for the second time. [Fix] After got the page, check freelist first, if freelist == 0 then exit dtInsert() and return -EINVAL. | |||||
| CVE-2022-48703 | 1 Linux | 1 Linux Kernel | 2025-07-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault. | |||||
| CVE-2025-53170 | 1 Huawei | 1 Harmonyos | 2025-07-15 | N/A | 4.0 MEDIUM |
| Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability. | |||||
| CVE-2025-49694 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-07-15 | N/A | 7.8 HIGH |
| Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49686 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
| Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49678 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.0 HIGH |
| Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-6395 | 2025-07-15 | N/A | 6.5 MEDIUM | ||
| A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). | |||||
| CVE-2025-52984 | 2025-07-15 | N/A | 5.9 MEDIUM | ||
| A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S3-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO. | |||||
| CVE-2025-7462 | 2025-07-15 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-47109 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-07-14 | N/A | 5.5 MEDIUM |
| After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-5867 | 1 Rt-thread | 1 Rt-thread | 2025-07-11 | 7.7 HIGH | 8.0 HIGH |
| A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference. | |||||
| CVE-2025-43583 | 1 Adobe | 1 Substance 3d Viewer | 2025-07-11 | N/A | 5.5 MEDIUM |
| Substance3D - Viewer versions 0.22 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-36387 | 2 Apache, Netapp | 2 Http Server, Ontap | 2025-07-10 | N/A | 5.4 MEDIUM |
| Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. | |||||
| CVE-2025-47119 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2025-07-10 | N/A | 5.5 MEDIUM |
| Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-20677 | 1 Mediatek | 6 Mt7902, Mt7921, Mt7922 and 3 more | 2025-07-10 | N/A | 5.5 MEDIUM |
| In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284. | |||||
| CVE-2025-20676 | 1 Mediatek | 6 Mt7902, Mt7921, Mt7922 and 3 more | 2025-07-10 | N/A | 5.5 MEDIUM |
| In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412240; Issue ID: MSV-3293. | |||||
| CVE-2025-49524 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-07-10 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-33057 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 6.5 MEDIUM |
| Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. | |||||
| CVE-2017-5979 | 1 Gdraheim | 1 Zziplib | 2025-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | |||||