Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11125 | 1 Xar Project | 1 Xar | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.
|
|||||
| CVE-2017-0546 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.
|
|||||
| CVE-2017-5937 | 1 Virglrenderer Project | 1 Virglrenderer | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
|
The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.
|
|||||
| CVE-2017-16359 | 1 Radare | 1 Radare2 | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
|
|||||
| CVE-2017-9217 | 1 Systemd Project | 1 Systemd | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
|
|||||
| CVE-2017-16532 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 7.2 HIGH | 6.6 MEDIUM |
|
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
|
|||||
| CVE-2016-5028 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.
|
|||||
| CVE-2014-9812 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.
|
|||||
| CVE-2017-8535 | 1 Microsoft | 13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerabil ...
Show More |
|||||
| CVE-2017-14626 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
|
|||||
| CVE-2015-2297 | 1 Libcsoap Project | 1 Libcsoap | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.
|
|||||
| CVE-2017-14225 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)
|
|||||
| CVE-2016-7053 | 1 Openssl | 1 Openssl | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.
|
|||||
| CVE-2016-10344 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.
|
|||||
| CVE-2017-17465 | 1 K7computing | 1 Antivirus | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.
|
|||||
| CVE-2016-5037 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
|
|||||
| CVE-2016-8884 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
|
|||||
| CVE-2017-2647 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.
|
|||||
| CVE-2017-7994 | 1 Podofo Project | 1 Podofo | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
|
|||||
| CVE-2017-7374 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
|
|||||
| CVE-2017-4938 | 1 Vmware | 2 Fusion, Workstation | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
|
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
|
|||||
| CVE-2016-8882 | 1 Jasper Project | 1 Jasper | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
|
|||||
| CVE-2017-15306 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
|
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.
|
|||||
| CVE-2017-17050 | 1 Tgsoft | 1 Vir.it Explorer | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt.
|
|||||
| CVE-2017-15721 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468.
|
|||||
| CVE-2017-15232 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
|
|||||
| CVE-2017-14928 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
|
|||||
| CVE-2017-13712 | 1 Lame Project | 1 Lame | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.
|
|||||
| CVE-2016-8885 | 1 Jasper Project | 1 Jasper | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
|
|||||
| CVE-2017-14926 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
|
|||||
| CVE-2017-17701 | 1 K7computing | 1 Antivirus | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.
|
|||||
| CVE-2015-4054 | 1 Pgbouncer | 1 Pgbouncer | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.
|
|||||
| CVE-2017-16545 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
|
|||||
| CVE-2017-15022 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.
|
|||||
| CVE-2017-11550 | 1 Libid3tag Project | 1 Libid3tag | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.
|
|||||
| CVE-2016-6561 | 1 Illumos | 1 Illumos | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
illumos smbsrv NULL pointer dereference allows system crash.
|
|||||
| CVE-2016-10129 | 1 Libgit2 Project | 1 Libgit2 | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
|
|||||
| CVE-2017-15600 | 1 Gnu | 1 Libextractor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
|
|||||
| CVE-2017-1000358 | 1 Opendaylight | 1 Opendaylight | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw.
|
|||||
| CVE-2016-2036 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.
|
|||||