Total
3737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44018 | 1 Softing | 1 Uatoolkit Embedded | 2025-04-01 | N/A | 7.5 HIGH |
| In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application. | |||||
| CVE-2025-27170 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-03-31 | N/A | 5.5 MEDIUM |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-3858 | 1 Mozilla | 1 Firefox | 2025-03-31 | N/A | 7.5 HIGH |
| It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125. | |||||
| CVE-2023-0394 | 1 Linux | 1 Linux Kernel | 2025-03-31 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. | |||||
| CVE-2024-53209 | 1 Linux | 1 Linux Kernel | 2025-03-28 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix receive ring space parameters when XDP is active The MTU setting at the time an XDP multi-buffer is attached determines whether the aggregation ring will be used and the rx_skb_func handler. This is done in bnxt_set_rx_skb_mode(). If the MTU is later changed, the aggregation ring setting may need to be changed and it may become out-of-sync with the settings initially done in bnxt_set_rx_skb_mode(). This may result in random memory corruption and crashes as the HW may DMA data larger than the allocated buffer size, such as: BUG: kernel NULL pointer dereference, address: 00000000000003c0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 17 PID: 0 Comm: swapper/17 Kdump: loaded Tainted: G S OE 6.1.0-226bf9805506 #1 Hardware name: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 08/26/2021 RIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en] Code: 8b 95 70 ff ff ff 4c 8b 9d 48 ff ff ff 66 41 89 87 b4 00 00 00 e9 0b f7 ff ff 0f b7 43 0a 49 8b 95 a8 04 00 00 25 ff 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f RSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202 RAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 00000000000007ff RDX: 0000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380 RBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf R10: 0000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980 R13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990 FS: 0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> __bnxt_poll_work+0x1c2/0x3e0 [bnxt_en] To address the issue, we now call bnxt_set_rx_skb_mode() within bnxt_change_mtu() to properly set the AGG rings configuration and update rx_skb_func based on the new MTU value. Additionally, BNXT_FLAG_NO_AGG_RINGS is cleared at the beginning of bnxt_set_rx_skb_mode() to make sure it gets set or cleared based on the current MTU. | |||||
| CVE-2024-47753 | 1 Linux | 1 Linux Kernel | 2025-03-28 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdec_vp8_req_if.c. Which leads to a kernel crash when fb is NULL. | |||||
| CVE-2022-4285 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Binutils, Enterprise Linux | 2025-03-28 | N/A | 5.5 MEDIUM |
| An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | |||||
| CVE-2024-28577 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 5.5 MEDIUM |
| Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format. | |||||
| CVE-2024-28584 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | N/A | 3.3 LOW |
| Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format. | |||||
| CVE-2025-0312 | 1 Ollama | 1 Ollama | 2025-03-28 | N/A | 7.5 HIGH |
| A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network. | |||||
| CVE-2024-26814 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself is guaranteed that trigger is always valid between request_irq() and free_irq(), but the loopback testing mechanisms to invoke the handler function need to test the trigger. The triggering and setting ioctl paths both make use of igate and are therefore mutually exclusive. The vfio-fsl-mc driver does not make use of irqfds, nor does it support any sort of masking operations, therefore unlike vfio-pci and vfio-platform, the flow can remain essentially unchanged. | |||||
| CVE-2024-22524 | 1 Dnspod | 1 Dnspod Security Recursive | 2025-03-27 | N/A | 5.5 MEDIUM |
| dnspod-sr 0dfbd37 is vulnerable to buffer overflow. | |||||
| CVE-2024-34952 | 2025-03-27 | N/A | 5.0 MEDIUM | ||
| taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file. | |||||
| CVE-2024-26475 | 1 Radare | 1 Radare2 | 2025-03-27 | N/A | 5.5 MEDIUM |
| An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function. | |||||
| CVE-2024-27229 | 1 Google | 1 Android | 2025-03-27 | N/A | 7.5 HIGH |
| In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-11499 | 2025-03-27 | N/A | 4.9 MEDIUM | ||
| A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. | |||||
| CVE-2024-10037 | 2025-03-27 | N/A | 4.4 MEDIUM | ||
| A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability. The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability. | |||||
| CVE-2025-31176 | 2025-03-27 | N/A | 6.2 MEDIUM | ||
| A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. | |||||
| CVE-2025-31178 | 2025-03-27 | N/A | 6.2 MEDIUM | ||
| A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. | |||||
| CVE-2025-31179 | 2025-03-27 | N/A | 6.2 MEDIUM | ||
| A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. | |||||