Total
17 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15514 | 1 Ollama | 1 Ollama | 2026-01-21 | N/A | 7.5 HIGH |
| Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted. | |||||
| CVE-2025-58142 | 1 Xen | 1 Xen | 2025-11-04 | N/A | 9.8 CRITICAL |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143. | |||||
| CVE-2025-27466 | 1 Xen | 1 Xen | 2025-11-04 | N/A | 9.8 CRITICAL |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143. | |||||
| CVE-2023-23904 | 2025-11-03 | N/A | 6.1 MEDIUM | ||
| NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-27658 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-21 | N/A | 6.5 MEDIUM |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-27662 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-15 | N/A | 6.5 MEDIUM |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-27659 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-03-17 | N/A | 6.5 MEDIUM |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-27661 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-03-17 | N/A | 6.5 MEDIUM |
| D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2023-48727 | 2024-11-21 | N/A | 3.3 LOW | ||
| NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-41082 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-25071 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-11-21 | N/A | 5.6 MEDIUM |
| NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-42879 | 1 Intel | 11 Arc A310, Arc A380, Arc A530m and 8 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-42878 | 1 Intel | 2 Oneapi Hpc Toolkit, Trace Analyzer And Collector | 2024-11-21 | N/A | 2.8 LOW |
| Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-2832 | 1 Blender | 1 Blender | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity. | |||||
| CVE-2022-29508 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | N/A | 6.3 MEDIUM |
| Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36275 | 2024-11-15 | N/A | 6.1 MEDIUM | ||
| NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-28030 | 2024-11-15 | N/A | 2.2 LOW | ||
| NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access. | |||||