Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18210 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
|
|||||
| CVE-2017-18209 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
|
|||||
| CVE-2017-18205 | 1 Zsh Project | 1 Zsh | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
|
|||||
| CVE-2017-18199 | 1 Gnu | 1 Libcdio | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
|
|||||
| CVE-2017-18189 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
|
|||||
| CVE-2017-18079 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
|
|||||
| CVE-2017-18013 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
|
|||||
| CVE-2017-17770 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur.
|
|||||
| CVE-2017-17294 | 1 Huawei | 52 Ar120-s, Ar120-s Firmware, Ar1200 and 49 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V ...
Show More |
|||||
| CVE-2017-17255 | 1 Huawei | 90 Ar120-s, Ar120-s Firmware, Ar1200 and 87 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007 ...
Show More |
|||||
| CVE-2017-17254 | 1 Huawei | 90 Ar120-s, Ar120-s Firmware, Ar1200 and 87 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007 ...
Show More |
|||||
| CVE-2017-17251 | 1 Huawei | 90 Ar120-s, Ar120-s Firmware, Ar1200 and 87 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007 ...
Show More |
|||||
| CVE-2017-17224 | 1 Huawei | 2 Hg655m, Hg655m Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.
|
|||||
| CVE-2017-17135 | 1 Huawei | 48 Dp300, Dp300 Firmware, Ips Module and 45 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R00 ...
Show More |
|||||
| CVE-2017-17134 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks.
|
|||||
| CVE-2017-17133 | 1 Huawei | 2 Vp9660, Vp9660 Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Huawei VP9660 V500R002C10 has a null pointer reference vulnerability in license module due to insufficient verification. An authenticated local attacker could place a malicious license file into system which cause memory null pointer accessing and related processing crash. The attacker can exploit this vulnerability to cause a denial of service.
|
|||||
| CVE-2017-16914 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
|
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
|
|||||
| CVE-2017-16728 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
|
|||||
| CVE-2017-15846 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In the video_ioctl2() function in the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-16, an untrusted pointer dereference may potentially occur.
|
|||||
| CVE-2017-15833 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure.
|
|||||
| CVE-2017-15120 | 2 Debian, Powerdns | 2 Debian Linux, Recursor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.
|
|||||
| CVE-2017-14437 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini" without a cookie header to trigger this vulnerability.
|
|||||
| CVE-2017-14436 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini" without a cookie header to trigger this vulnerability.
|
|||||
| CVE-2017-14435 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini" without a cookie header to trigger this vulnerability.
|
|||||
| CVE-2017-13291 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553.
|
|||||
| CVE-2017-13235 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.
|
|||||
| CVE-2017-12627 | 1 Apache | 1 Xerces-c\+\+ | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
|
|||||
| CVE-2017-12545 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
|
|||||
| CVE-2017-12472 | 1 Ccn-lite | 1 Ccn-lite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc.
|
|||||
| CVE-2017-12464 | 1 Ccn-lite | 1 Ccn-lite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable.
|
|||||
| CVE-2017-12380 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL point ...
Show More |
|||||
| CVE-2017-12130 | 1 Tinysvcmdns Project | 1 Tinysvcmdns | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.
|
|||||
| CVE-2017-12124 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability.
|
|||||
| CVE-2017-1000471 | 1 Embedthis | 1 Goahead | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
|
|||||
| CVE-2017-1000460 | 3 Ffmpeg, Google, Libav | 3 Ffmpeg, Chrome, Libav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
|
|||||
| CVE-2017-1000445 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
|
|||||
| CVE-2016-9600 | 3 Canonical, Jasper Project, Redhat | 8 Ubuntu Linux, Jasper, Enterprise Linux Desktop and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
|
|||||
| CVE-2016-9572 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
|
|||||
| CVE-2016-9570 | 1 Carbonblack | 1 Carbon Black | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.
|
|||||
| CVE-2016-8626 | 1 Redhat | 4 Ceph, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
|
|||||