Total
3796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8750 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. | |||||
| CVE-2017-13686 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release. | |||||
| CVE-2017-15232 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | |||||
| CVE-2017-12781 | 1 Matroska | 3 Libebml2, Mkclean, Mkvalidator | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | |||||
| CVE-2017-14318 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct. | |||||
| CVE-2017-15016 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. | |||||
| CVE-2017-14121 | 2 Debian, Rarlab | 2 Debian Linux, Unrar | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references. | |||||
| CVE-2017-7383 | 1 Podofo Project | 1 Podofo | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||||
| CVE-2015-9100 | 1 Lame Project | 1 Lame | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. | |||||
| CVE-2015-8270 | 1 Rtmpdump Project | 1 Rtmpdump | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash). | |||||
| CVE-2015-9000 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2017-15022 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | |||||
| CVE-2017-15017 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | |||||
| CVE-2017-3730 | 2 Openssl, Oracle | 7 Openssl, Agile Engineering Data Management, Communications Application Session Controller and 4 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. | |||||
| CVE-2017-9347 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. | |||||
| CVE-2017-12920 | 1 Libfpx Project | 1 Libfpx | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | |||||
| CVE-2017-14406 | 1 Mp3gain | 1 Mp3gain | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | |||||
| CVE-2017-5970 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. | |||||
| CVE-2017-4938 | 1 Vmware | 2 Fusion, Workstation | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
| VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | |||||
| CVE-2017-14149 | 1 Embedthis | 1 Goahead | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | |||||