Total
2742 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15102 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-02-28 | 6.9 MEDIUM | 6.3 MEDIUM |
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. | |||||
CVE-2017-15022 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | |||||
CVE-2017-15600 | 1 Gnu | 1 Libextractor | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. | |||||
CVE-2017-8539 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | |||||
CVE-2017-4925 | 2 Apple, Vmware | 5 Mac Os X, Esxi, Fusion and 2 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | |||||
CVE-2014-9972 | 1 Google | 1 Android | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. | |||||
CVE-2017-17997 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | |||||
CVE-2017-16536 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | 6.6 MEDIUM |
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
CVE-2017-16545 | 1 Graphicsmagick | 1 Graphicsmagick | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. | |||||
CVE-2017-15015 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. | |||||
CVE-2017-17700 | 1 K7computing | 1 Antivirus | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request. | |||||
CVE-2017-16646 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | 6.6 MEDIUM |
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
CVE-2017-18005 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. | |||||
CVE-2017-11101 | 1 Swftools | 1 Swftools | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. | |||||
CVE-2017-13686 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release. | |||||
CVE-2017-8542 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | |||||
CVE-2017-17465 | 1 K7computing | 1 Antivirus | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request. | |||||
CVE-2017-14517 | 1 Freedesktop | 1 Poppler | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | |||||
CVE-2017-16359 | 1 Radare | 1 Radare2 | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. | |||||
CVE-2017-15930 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. |