Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16329 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
|
|||||
| CVE-2018-16328 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
|
|||||
| CVE-2018-16004 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2018-15937 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2018-15931 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2018-15930 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2018-15864 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
|
|||||
| CVE-2018-15863 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
|
|||||
| CVE-2018-15862 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
|
|||||
| CVE-2018-15861 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
|
|||||
| CVE-2018-15859 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.
|
|||||
| CVE-2018-15858 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.
|
|||||
| CVE-2018-15855 | 2 Canonical, Xkbcommon Project | 2 Ubuntu Linux, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.
|
|||||
| CVE-2018-15854 | 2 Canonical, Xkbcommon Project | 2 Ubuntu Linux, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
|
|||||
| CVE-2018-15733 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a NULL Pointer Dereference vulnerability due to not validating the size of the output buffer value from IOCtl 0x80002028.
|
|||||
| CVE-2018-15505 | 2 Embedthis, Juniper | 3 Appweb, Goahead, Junos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
|
|||||
| CVE-2018-15504 | 2 Embedthis, Juniper | 134 Appweb, Goahead, Ex2200 and 131 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
|
|||||
| CVE-2018-15367 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
|
|||||
| CVE-2018-14884 | 2 Netapp, Php | 2 Storage Automation Store, Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.
|
|||||
| CVE-2018-14853 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
|
A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783.
|
|||||
| CVE-2018-14811 | 1 Fujielectric | 2 V-server, V-server Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
|
|||||
| CVE-2018-14747 | 1 Qnap | 1 Qts | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.
|
|||||
| CVE-2018-14737 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c.
|
|||||
| CVE-2018-14646 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
|
|||||
| CVE-2018-14617 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.
|
|||||
| CVE-2018-14616 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
|
|||||
| CVE-2018-14614 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.
|
|||||
| CVE-2018-14613 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.
|
|||||
| CVE-2018-14612 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c.
|
|||||
| CVE-2018-14609 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.
|
|||||
| CVE-2018-14588 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
|
|||||
| CVE-2018-14562 | 1 Thunlp | 1 Thulac | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cb_model.h.
|
|||||
| CVE-2018-14553 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
|
|||||
| CVE-2018-14543 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump.
|
|||||
| CVE-2018-14471 | 1 Gnu | 1 Libredwg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
|
|||||
| CVE-2018-14448 | 1 Untrunc Project | 1 Untrunc | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav.
|
|||||
| CVE-2018-14332 | 1 Clementine-player | 1 Clementine | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.
|
|||||
| CVE-2018-13903 | 1 Qualcomm | 22 Apq8053, Apq8053 Firmware, Mdm9205 and 19 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
u'Error in UE due to race condition in EPCO handling' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9205, MDM9206, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, SDM450, SM8150
|
|||||
| CVE-2018-13458 | 1 Nagios | 1 Nagios Core | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
|
|||||
| CVE-2018-13457 | 1 Nagios | 1 Nagios Core | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
|
|||||