Search
Total
1024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18606 | 3 Debian, Gnu, Netapp | 3 Debian Linux, Binutils, Data Ontap | 2019-10-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | |||||
| CVE-2018-7570 | 1 Gnu | 1 Binutils | 2019-10-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. | |||||
| CVE-2018-18065 | 5 Canonical, Debian, Net-snmp and 2 more | 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more | 2019-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | |||||
| CVE-2018-7866 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-9132 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-10-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2019-17452 | 1 Axiosys | 1 Bento4 | 2019-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump. | |||||
| CVE-2019-17454 | 1 Axiosys | 1 Bento4 | 2019-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info. | |||||
| CVE-2019-17453 | 1 Axiosys | 1 Bento4 | 2019-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact. | |||||
| CVE-2019-13542 | 1 Codesys | 10 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 7 more | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. | |||||
| CVE-2019-1010162 | 1 Jsish | 1 Jsish | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77. | |||||
| CVE-2018-7525 | 1 Omron | 1 Cx-supervisor | 2019-10-09 | 4.6 MEDIUM | 5.3 MEDIUM |
| In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. | |||||
| CVE-2018-7361 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. | |||||
| CVE-2018-5449 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack. | |||||
| CVE-2018-1130 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. | |||||
| CVE-2018-1172 | 1 Squid-cache | 1 Squid | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088. | |||||
| CVE-2018-16851 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. | |||||
| CVE-2018-16852 | 1 Samba | 1 Samba | 2019-10-09 | 3.5 LOW | 4.4 MEDIUM |
| Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service. | |||||
| CVE-2018-14646 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. | |||||
| CVE-2018-10918 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable. | |||||
| CVE-2017-2668 | 2 Fedoraproject, Redhat | 4 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. | |||||
| CVE-2017-3135 | 4 Debian, Isc, Netapp and 1 more | 10 Debian Linux, Bind, Data Ontap Edge and 7 more | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. | |||||
| CVE-2017-2575 | 1 Libbpg Project | 1 Libbpg | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG. | |||||
| CVE-2017-2635 | 1 Redhat | 1 Libvirt | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service. | |||||
| CVE-2017-2586 | 1 Netpbm Project | 1 Netpbm | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash. | |||||
| CVE-2017-12153 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-09 | 4.9 MEDIUM | 4.4 MEDIUM |
| A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. | |||||
| CVE-2016-9600 | 3 Canonical, Jasper Project, Redhat | 8 Ubuntu Linux, Jasper, Enterprise Linux Desktop and 5 more | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. | |||||
| CVE-2019-15923 | 1 Linux | 1 Linux Kernel | 2019-10-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. | |||||
| CVE-2019-15922 | 1 Linux | 1 Linux Kernel | 2019-10-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. | |||||
| CVE-2017-14863 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2017-17134 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks. | |||||
| CVE-2017-11333 | 1 Xiph.org | 1 Libvorbis | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. | |||||
| CVE-2017-11063 | 1 Google | 1 Android | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur. | |||||
| CVE-2017-1000360 | 1 Opendaylight | 1 Opendaylight | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. | |||||
| CVE-2017-1000358 | 1 Opendaylight | 1 Opendaylight | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw. | |||||
| CVE-2017-8542 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | |||||
| CVE-2017-0635 | 1 Google | 1 Android | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107. | |||||
| CVE-2018-6319 | 1 Sophos | 1 Sophos Tester | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine. | |||||
| CVE-2017-0686 | 1 Google | 1 Android | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231. | |||||
| CVE-2017-8539 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | |||||
| CVE-2019-16349 | 1 Axiosys | 1 Bento4 | 2019-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. | |||||
| CVE-2017-7452 | 1 Entropymine | 1 Imageworsener | 2019-09-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||||
| CVE-2017-7453 | 1 Entropymine | 1 Imageworsener | 2019-09-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||||
| CVE-2019-15924 | 1 Linux | 1 Linux Kernel | 2019-09-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure. | |||||
| CVE-2019-16164 | 1 Myhtml Project | 1 Myhtml | 2019-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. | |||||
| CVE-2019-15757 | 1 Libmirage Project | 1 Libmirage | 2019-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c. | |||||
| CVE-2019-15291 | 1 Linux | 1 Linux Kernel | 2019-09-06 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. | |||||
| CVE-2019-10140 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2019-09-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS). | |||||
| CVE-2018-18088 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2019-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | |||||
| CVE-2019-13219 | 1 Stb Vorbis Project | 1 Stb Vorbis | 2019-08-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. | |||||
| CVE-2018-20349 | 1 Igraph | 1 Igraph | 2019-08-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object. | |||||