Total
2742 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-7914 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. | |||||
CVE-2015-8970 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. | |||||
CVE-2016-2369 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability. | |||||
CVE-2015-4054 | 1 Pgbouncer | 1 Pgbouncer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet. | |||||
CVE-2016-6866 | 2 Fedoraproject, Suckless | 2 Fedora, Slock | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. | |||||
CVE-2016-8726 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. | |||||
CVE-2016-10087 | 1 Libpng | 1 Libpng | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. | |||||
CVE-2016-9934 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. | |||||
CVE-2016-9294 | 1 Artifex | 1 Mujs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer dereference" issue affecting the jscompile.c component. | |||||
CVE-2017-6210 | 1 Virglrenderer Project | 1 Virglrenderer | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero). | |||||
CVE-2017-9040 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. | |||||
CVE-2017-6847 | 1 Podofo Project | 1 Podofo | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||||
CVE-2016-9828 | 1 Libming | 1 Libming | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file. | |||||
CVE-2016-9049 | 1 Aerospike | 1 Database Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability. | |||||
CVE-2017-7383 | 1 Podofo Project | 1 Podofo | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||||
CVE-2016-9440 | 1 Tats | 1 W3m | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
CVE-2017-0635 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107. | |||||
CVE-2016-5870 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket. | |||||
CVE-2017-6951 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. | |||||
CVE-2016-2197 | 1 Qemu | 1 Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS. |