Total
3032 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20125 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. | |||||
| CVE-2018-20024 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. | |||||
| CVE-2018-20014 | 1 Urbackup | 1 Urbackup | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application. | |||||
| CVE-2018-1302 | 3 Apache, Canonical, Netapp | 6 Http Server, Ubuntu Linux, Clustered Data Ontap and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. | |||||
| CVE-2018-1172 | 1 Squid-cache | 1 Squid | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088. | |||||
| CVE-2018-1130 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. | |||||
| CVE-2018-1095 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. | |||||
| CVE-2018-1094 | 3 Canonical, Linux, Redhat | 5 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 2 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. | |||||
| CVE-2018-1092 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. | |||||
| CVE-2018-1066 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. | |||||
| CVE-2018-1065 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. | |||||
| CVE-2018-1050 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. | |||||
| CVE-2018-19939 | 1 Mi | 4 Mi A2 Lite, Mi A2 Lite Firmware, Redmi 6 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c. | |||||
| CVE-2018-19935 | 2 Debian, Php | 2 Debian Linux, Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. | |||||
| CVE-2018-19882 | 1 Artifex | 1 Mupdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. | |||||
| CVE-2018-19870 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. | |||||
| CVE-2018-19802 | 1 Aubio | 1 Aubio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. | |||||
| CVE-2018-19801 | 1 Aubio | 1 Aubio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. | |||||
| CVE-2018-19797 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. | |||||
| CVE-2018-19757 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. | |||||