Total
2983 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1387 | 3 Canonical, Openssl, Redhat | 3 Ubuntu Linux, Openssl, Openssl | 2024-02-28 | 5.0 MEDIUM | N/A |
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." | |||||
CVE-2009-3094 | 3 Apache, Debian, Fedoraproject | 3 Http Server, Debian Linux, Fedora | 2024-02-28 | 2.6 LOW | N/A |
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. | |||||
CVE-2008-3597 | 1 Skulltag | 1 Skulltag | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game. | |||||
CVE-2009-2287 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function. | |||||
CVE-2007-0887 | 1 Gecad Technologies | 1 Axigen Mail Server | 2024-02-28 | 7.8 HIGH | N/A |
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp). | |||||
CVE-2007-0039 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 7.8 HIGH | N/A |
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. | |||||
CVE-2006-4343 | 3 Canonical, Debian, Openssl | 3 Ubuntu Linux, Debian Linux, Openssl | 2024-02-28 | 4.3 MEDIUM | N/A |
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. | |||||
CVE-2007-1327 | 1 Silc | 1 Silc-server | 2024-02-28 | 7.8 HIGH | N/A |
The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm. | |||||
CVE-2006-6565 | 1 Filezilla-project | 1 Filezilla Server | 2024-02-28 | 4.0 MEDIUM | N/A |
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command. | |||||
CVE-2005-2459 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 5.0 MEDIUM | N/A |
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. | |||||
CVE-2006-2661 | 3 Canonical, Debian, Freetype | 3 Ubuntu Linux, Debian Linux, Freetype | 2024-02-28 | 5.0 MEDIUM | N/A |
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. | |||||
CVE-2005-0772 | 1 Veritas | 1 Backup Exec | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference. | |||||
CVE-2005-3274 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-28 | 1.2 LOW | 4.7 MEDIUM |
Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. | |||||
CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
CVE-2003-1000 | 1 Xchat | 1 Xchat | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. | |||||
CVE-2004-0365 | 1 Ethereal | 1 Ethereal | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference. | |||||
CVE-2001-1559 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. | |||||
CVE-2004-0119 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2024-02-28 | 7.5 HIGH | 7.5 HIGH |
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. | |||||
CVE-2004-0458 | 2 Debian, Nicolas Boullis | 2 Debian Linux, Mah-jong | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference. | |||||
CVE-2004-0389 | 1 Realnetworks | 1 Helix Universal Server | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests. |