Search
Total
733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15721 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. | |||||
| CVE-2019-9746 | 1 Webmproject | 1 Libwebm | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212. | |||||
| CVE-2017-6178 | 1 Usbpcap Project | 1 Usbpcap | 2019-03-13 | 4.6 MEDIUM | 7.8 HIGH |
| The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. | |||||
| CVE-2016-4777 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. | |||||
| CVE-2017-6497 | 1 Imagemagick | 1 Imagemagick | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). | |||||
| CVE-2018-11694 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-11696 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2019-9589 | 1 Glyphandcog | 1 Xpdfreader | 2019-03-06 | 6.8 MEDIUM | 7.8 HIGH |
| There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2017-17997 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | |||||
| CVE-2018-7050 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick. | |||||
| CVE-2018-7052 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur. | |||||
| CVE-2019-9031 | 1 Matio Project | 1 Matio | 2019-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c. | |||||
| CVE-2019-9113 | 1 Libming | 1 Ming | 2019-02-25 | 6.8 MEDIUM | 8.8 HIGH |
| Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a. | |||||
| CVE-2019-8382 | 1 Axiosys | 1 Bento4 | 2019-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-8380 | 1 Axiosys | 1 Bento4 | 2019-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in AP4_Track::GetSampleIndexForTimeStampMs() located in Core/Ap4Track.cpp. It can triggered by sending a crafted file to the mp4audioclip binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2018-20751 | 1 Podofo Project | 1 Podofo | 2019-02-08 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference. | |||||
| CVE-2018-7262 | 2 Fedoraproject, Redhat | 2 Fedora, Ceph | 2019-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | |||||
| CVE-2019-7233 | 1 Libdoc Project | 1 Libdoc | 2019-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference. | |||||
| CVE-2019-6137 | 1 Mz-automation | 1 Lib60870 | 2019-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference. | |||||
| CVE-2018-18883 | 1 Xen | 1 Xen | 2019-01-24 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted. | |||||
| CVE-2018-18318 | 1 Qiku | 2 360 Mobile Phone N6 Pro, 360 Mobile Phone N6 Pro Firmware | 2019-01-23 | 7.8 HIGH | 7.5 HIGH |
| The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call. | |||||
| CVE-2017-18079 | 1 Linux | 1 Linux Kernel | 2019-01-19 | 7.2 HIGH | 7.8 HIGH |
| drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. | |||||
| CVE-2018-17127 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2019-01-18 | 7.8 HIGH | 7.5 HIGH |
| blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. | |||||
| CVE-2019-5007 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-01-15 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing. | |||||
| CVE-2017-2647 | 1 Linux | 1 Linux Kernel | 2019-01-15 | 7.2 HIGH | 7.8 HIGH |
| The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. | |||||
| CVE-2018-20427 | 1 Libming | 1 Libming | 2019-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132. | |||||
| CVE-2018-20429 | 1 Libming | 1 Libming | 2019-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165. | |||||
| CVE-2018-20426 | 1 Libming | 1 Libming | 2019-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866. | |||||
| CVE-2018-20425 | 1 Libming | 1 Libming | 2019-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file. | |||||
| CVE-2018-20428 | 1 Libming | 1 Libming | 2019-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874. | |||||
| CVE-2018-14747 | 1 Qnap | 1 Qts | 2018-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. | |||||
| CVE-2018-19395 | 1 Php | 1 Php | 2018-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). | |||||
| CVE-2018-19532 | 1 Podofo Project | 1 Podofo | 2018-12-19 | 6.8 MEDIUM | 8.8 HIGH |
| A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. | |||||
| CVE-2018-19184 | 1 Ethereum | 1 Go Ethereum | 2018-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. | |||||
| CVE-2018-19200 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2018-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. | |||||
| CVE-2017-18298 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2018-12-10 | 7.2 HIGH | 7.8 HIGH |
| Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . | |||||
| CVE-2018-18937 | 1 Mz-automation | 1 Libiec61850 | 2018-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c. | |||||
| CVE-2018-15367 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2018-12-04 | 7.2 HIGH | 7.8 HIGH |
| A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-18327 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2018-12-04 | 7.2 HIGH | 7.8 HIGH |
| A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-18328 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2018-12-04 | 7.2 HIGH | 7.8 HIGH |
| A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-18329 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2018-12-04 | 7.2 HIGH | 7.8 HIGH |
| A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-17073 | 1 Bitmap Project | 1 Bitmap | 2018-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image. | |||||
| CVE-2018-17293 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files. | |||||
| CVE-2017-18205 | 1 Zsh Project | 1 Zsh | 2018-10-31 | 6.8 MEDIUM | 8.1 HIGH |
| In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. | |||||
| CVE-2016-9448 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297. | |||||
| CVE-2018-2912 | 1 Oracle | 1 Goldengate | 2018-10-24 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2914 | 1 Oracle | 1 Goldengate | 2018-10-24 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-15505 | 1 Embedthis | 2 Appweb, Goahead | 2018-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. | |||||
| CVE-2018-15504 | 1 Embedthis | 2 Appweb, Goahead | 2018-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. | |||||
| CVE-2017-11642 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. | |||||