Total
4253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8835 | 1 Jasper Project | 1 Jasper | 2025-08-12 | 3.3 Low |
| A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-47807 | 1 Gstreamer | 1 Gstreamer | 2025-08-12 | 5.5 Medium |
| In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. | ||||
| CVE-2025-8865 | 1 Yugabyte | 1 Yugabytedb | 2025-08-12 | 2.0 Low |
| The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service. | ||||
| CVE-2025-50952 | 2 Openjpeg, Uclouvain | 2 Openjpeg, Openjpeg | 2025-08-12 | 6.5 Medium |
| openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. | ||||
| CVE-2025-47808 | 1 Gstreamer | 1 Gstreamer | 2025-08-12 | 5.6 Medium |
| In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. | ||||
| CVE-2025-8735 | 1 Gnu | 1 Cflow | 2025-08-12 | 3.3 Low |
| A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8844 | 1 Nasm | 1 Netwide Assembler | 2025-08-12 | 3.3 Low |
| A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-26690 | 1 Openharmony | 1 Openharmony | 2025-08-12 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | ||||
| CVE-2025-8183 | 1 D3tn | 1 Ud3tn | 2025-08-11 | 7.5 High |
| NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS | ||||
| CVE-2023-24847 | 1 Qualcomm | 514 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 511 more | 2025-08-11 | 7.5 High |
| Transient DOS in Modem while allocating DSM items. | ||||
| CVE-2023-33088 | 1 Qualcomm | 612 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 609 more | 2025-08-11 | 8.4 High |
| Memory corruption when processing cmd parameters while parsing vdev. | ||||
| CVE-2023-33089 | 1 Qualcomm | 456 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 453 more | 2025-08-11 | 7.5 High |
| Transient DOS when processing a NULL buffer while parsing WLAN vdev. | ||||
| CVE-2023-33109 | 1 Qualcomm | 620 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 617 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | ||||
| CVE-2025-21433 | 1 Qualcomm | 551 215 Mobile, 215 Mobile Firmware, Apq8017 and 548 more | 2025-08-11 | 6.2 Medium |
| Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. | ||||
| CVE-2023-43522 | 1 Qualcomm | 572 Aqt1000, Aqt1000 Firmware, Ar8035 and 569 more | 2025-08-11 | 7.5 High |
| Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | ||||
| CVE-2024-53024 | 1 Qualcomm | 332 Ar8035, Ar8035 Firmware, Csra6620 and 329 more | 2025-08-11 | 7.8 High |
| Memory corruption in display driver while detaching a device. | ||||
| CVE-2025-50422 | 1 Freedesktop | 1 Poppler | 2025-08-10 | 2.9 Low |
| Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c. | ||||
| CVE-2025-22037 | 1 Linux | 1 Linux Kernel | 2025-08-09 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete. | ||||
| CVE-2024-20339 | 1 Cisco | 1 Firepower Threat Defense Software | 2025-08-08 | 8.6 High |
| A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an issue that occurs when TLS traffic is processed. An attacker could exploit this vulnerability by sending certain TLS traffic over IPv4 through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition and impacting traffic to and through the affected device. | ||||
| CVE-2023-32171 | 1 Unified-automation | 1 Uagateway | 2025-08-08 | N/A |
| Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportCsv method. A crafted XML payload can cause a null pointer dereference. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20495. | ||||