Total
3737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42733 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42577 | 1 Softing | 3 Datafeed Opc Suite, Opc Ua C\+\+ Software Development Kit, Secure Integration Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. | |||||
| CVE-2021-42528 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42521 | 1 Vtk | 1 Vtk | 2024-11-21 | N/A | 7.5 HIGH |
| There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application. | |||||
| CVE-2021-42376 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | |||||
| CVE-2021-42373 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | |||||
| CVE-2021-42268 | 1 Adobe | 1 Animate | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42264 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42263 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42202 | 1 Swftools | 1 Swftools | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-42200 | 1 Swftools | 1 Swftools | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-42198 | 1 Swftools | 1 Swftools | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-42196 | 1 Swftools | 1 Swftools | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-41689 | 1 Offis | 1 Dcmtk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack. | |||||
| CVE-2021-41524 | 4 Apache, Fedoraproject, Netapp and 1 more | 4 Http Server, Fedora, Cloud Backup and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. | |||||
| CVE-2021-41497 | 1 Rare-technologies | 1 Bounter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket. | |||||
| CVE-2021-41495 | 1 Numpy | 1 Numpy | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place | |||||
| CVE-2021-41217 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node). When this is not the case, `parent` is `nullptr` so dereferencing it causes a crash. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41215 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with positive rank (and having `3` as the last dimension). The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41208 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. We will deprecate TensorFlow's boosted trees APIs in subsequent releases. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||