Search
Total
1933 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0305 | 1 Cisco | 10 Firepower 9000, Firepower 9000 Firmware, Nexus 5000 and 7 more | 2019-10-09 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to force a NULL pointer dereference and cause a DoS condition. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69966, CSCve02435, CSCve04859, CSCve41590, CSCve41593, CSCve41601. | |||||
| CVE-2017-9631 | 1 Schneider Electric | 1 Wonderware Archestra Logger | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable). | |||||
| CVE-2017-3135 | 4 Debian, Isc, Netapp and 1 more | 10 Debian Linux, Bind, Data Ontap Edge and 7 more | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. | |||||
| CVE-2017-2668 | 2 Fedoraproject, Redhat | 4 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. | |||||
| CVE-2017-2586 | 1 Netpbm Project | 1 Netpbm | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash. | |||||
| CVE-2017-2635 | 1 Redhat | 1 Libvirt | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service. | |||||
| CVE-2017-2575 | 1 Libbpg Project | 1 Libbpg | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG. | |||||
| CVE-2017-16728 | 1 Advantech | 1 Webaccess | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. | |||||
| CVE-2017-15120 | 2 Debian, Powerdns | 2 Debian Linux, Recursor | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service. | |||||
| CVE-2017-12719 | 1 Advantech | 1 Webaccess | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. | |||||
| CVE-2017-12153 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-09 | 4.9 MEDIUM | 4.4 MEDIUM |
| A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. | |||||
| CVE-2016-9600 | 3 Canonical, Jasper Project, Redhat | 8 Ubuntu Linux, Jasper, Enterprise Linux Desktop and 5 more | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. | |||||
| CVE-2019-15922 | 1 Linux | 1 Linux Kernel | 2019-10-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. | |||||
| CVE-2019-15923 | 1 Linux | 1 Linux Kernel | 2019-10-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. | |||||
| CVE-2017-0635 | 1 Google | 1 Android | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107. | |||||
| CVE-2017-1000358 | 1 Opendaylight | 1 Opendaylight | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw. | |||||
| CVE-2017-1000360 | 1 Opendaylight | 1 Opendaylight | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. | |||||
| CVE-2017-17134 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks. | |||||
| CVE-2017-11063 | 1 Google | 1 Android | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur. | |||||
| CVE-2018-14588 | 1 Axiosys | 1 Bento4 | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | |||||
| CVE-2017-14863 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2017-0686 | 1 Google | 1 Android | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231. | |||||
| CVE-2017-8539 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | |||||
| CVE-2017-5970 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. | |||||
| CVE-2017-11333 | 1 Xiph.org | 1 Libvorbis | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. | |||||
| CVE-2017-8542 | 1 Microsoft | 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | |||||
| CVE-2017-0546 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763. | |||||
| CVE-2018-6319 | 1 Sophos | 1 Sophos Tester | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine. | |||||
| CVE-2017-5149 | 1 St. Jude Medical | 3 Merlin\@home Ex1100, Merlin\@home Ex1150, Merlin\@home Firmware | 2019-10-03 | 6.8 MEDIUM | 8.9 HIGH |
| An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. | |||||
| CVE-2018-3841 | 1 Pixar | 1 Renderman | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | |||||
| CVE-2019-10489 | 1 Qualcomm | 84 Mdm9206, Mdm9206 Firmware, Mdm9607 and 81 more | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | |||||
| CVE-2019-10510 | 1 Qualcomm | 24 Qcs405, Qcs405 Firmware, Qcs605 and 21 more | 2019-10-02 | 8.5 HIGH | 8.2 HIGH |
| BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660 | |||||
| CVE-2019-9279 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110476382 | |||||
| CVE-2019-9400 | 1 Google | 1 Android | 2019-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115509589 | |||||
| CVE-2019-9430 | 1 Google | 1 Android | 2019-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838296 | |||||
| CVE-2019-16349 | 1 Axiosys | 1 Bento4 | 2019-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. | |||||
| CVE-2017-7453 | 1 Entropymine | 1 Imageworsener | 2019-09-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||||
| CVE-2017-7452 | 1 Entropymine | 1 Imageworsener | 2019-09-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||||
| CVE-2019-15924 | 1 Linux | 1 Linux Kernel | 2019-09-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure. | |||||
| CVE-2019-16164 | 1 Myhtml Project | 1 Myhtml | 2019-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. | |||||
| CVE-2019-16161 | 1 K-takata | 1 Onigmo | 2019-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. | |||||
| CVE-2019-15757 | 1 Libmirage Project | 1 Libmirage | 2019-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c. | |||||
| CVE-2018-7999 | 1 Sil | 1 Graphite2 | 2019-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. | |||||
| CVE-2019-10140 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2019-09-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS). | |||||
| CVE-2019-15099 | 1 Linux | 1 Linux Kernel | 2019-09-06 | 7.8 HIGH | 7.5 HIGH |
| drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | |||||
| CVE-2019-15291 | 1 Linux | 1 Linux Kernel | 2019-09-06 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. | |||||
| CVE-2018-18088 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2019-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | |||||
| CVE-2018-16004 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-4987 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-19720 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||