Vulnerabilities (CVE)

Filtered by CWE-476
Total 3038 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3194 4 Canonical, Debian, Nodejs and 1 more 4 Ubuntu Linux, Debian Linux, Node.js and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
CVE-2015-2297 1 Libcsoap Project 1 Libcsoap 2024-11-21 5.0 MEDIUM 7.5 HIGH
nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.
CVE-2015-1721 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2024-11-21 7.2 HIGH N/A
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability."
CVE-2015-0928 1 Oisf 1 Libhtp 2024-11-21 5.0 MEDIUM 7.5 HIGH
libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVE-2015-0573 1 Linux 1 Linux Kernel 2024-11-21 7.5 HIGH 9.8 CRITICAL
drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call.
CVE-2015-0095 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2024-11-21 5.6 MEDIUM N/A
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue screen), or obtain sensitive information from kernel memory and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."
CVE-2015-0003 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2024-11-21 6.9 MEDIUM N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
CVE-2014-9972 1 Google 1 Android 2024-11-21 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.
CVE-2014-9967 1 Google 1 Android 2024-11-21 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
CVE-2014-9949 1 Google 1 Android 2024-11-21 9.3 HIGH 7.8 HIGH
In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist.
CVE-2014-9943 1 Google 1 Android 2024-11-21 9.3 HIGH 7.8 HIGH
In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist.
CVE-2014-9814 1 Imagemagick 1 Imagemagick 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.
CVE-2014-9812 1 Imagemagick 1 Imagemagick 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.
CVE-2014-9708 3 Embedthis, Juniper, Oracle 134 Appweb, Ex2200, Ex2200-c and 131 more 2024-11-21 5.0 MEDIUM N/A
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
CVE-2014-9660 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2024-11-21 7.5 HIGH N/A
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
CVE-2014-9323 4 Canonical, Debian, Firebirdsql and 1 more 4 Ubuntu Linux, Debian Linux, Firebird and 1 more 2024-11-21 5.0 MEDIUM N/A
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
CVE-2014-8241 2 Redhat, Tigervnc 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
CVE-2014-7919 1 Google 1 Android 2024-11-21 5.0 MEDIUM 7.5 HIGH
b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).
CVE-2014-7826 3 Linux, Opensuse, Suse 3 Linux Kernel, Evergreen, Suse Linux Enterprise Server 2024-11-21 7.2 HIGH 7.8 HIGH
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.
CVE-2014-5353 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2024-11-21 3.5 LOW N/A
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.