Total
3737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36622 | 1 Samsung | 1 Mtower | 2024-11-21 | N/A | 7.5 HIGH |
| Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. | |||||
| CVE-2022-36621 | 1 Samsung | 1 Mtower | 2024-11-21 | N/A | 7.5 HIGH |
| Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. | |||||
| CVE-2022-36227 | 4 Debian, Fedoraproject, Libarchive and 1 more | 4 Debian Linux, Fedora, Libarchive and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." | |||||
| CVE-2022-36186 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 7.5 HIGH |
| A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1. | |||||
| CVE-2022-36153 | 1 Monostream | 1 Tifig | 2024-11-21 | N/A | 5.5 MEDIUM |
| tifig v0.2.2 was discovered to contain a segmentation violation via std::vector<unsigned int, std::allocator<unsigned int> >::size() const at /bits/stl_vector.h. | |||||
| CVE-2022-36151 | 1 Monostream | 1 Tifig | 2024-11-21 | N/A | 5.5 MEDIUM |
| tifig v0.2.2 was discovered to contain a segmentation violation via getType() at /common/bbox.cpp. | |||||
| CVE-2022-36014 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 5.9 MEDIUM |
| TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | |||||
| CVE-2022-36013 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 5.9 MEDIUM |
| TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | |||||
| CVE-2022-36011 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 5.9 MEDIUM |
| TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | |||||
| CVE-2022-36000 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 5.9 MEDIUM |
| TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | |||||
| CVE-2022-35965 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 5.9 MEDIUM |
| TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | |||||
| CVE-2022-35883 | 1 Intel | 1 Media Software Development Kit | 2024-11-21 | N/A | 2.2 LOW |
| NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-35691 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-35484 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | N/A | 6.5 MEDIUM |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f. | |||||
| CVE-2022-35245 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A | 7.5 HIGH |
| In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-35206 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A | 5.5 MEDIUM |
| Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. | |||||
| CVE-2022-35108 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | |||||
| CVE-2022-35087 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c. | |||||
| CVE-2022-34969 | 1 Pingcap | 1 Tidb | 2024-11-21 | N/A | 7.5 HIGH |
| PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. | |||||
| CVE-2022-34761 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | |||||