Total
2411 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4047 | 5 Canonical, Debian, F5 and 2 more | 25 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 22 more | 2023-12-10 | 7.8 HIGH | N/A |
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. | |||||
CVE-2015-4443 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2015-4444. | |||||
CVE-2016-4605 | 1 Apple | 1 Iphone Os | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. | |||||
CVE-2016-9114 | 1 Uclouvain | 1 Openjpeg | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. | |||||
CVE-2016-6292 | 1 Php | 1 Php | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. | |||||
CVE-2016-6504 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. | |||||
CVE-2016-6317 | 1 Rubyonrails | 1 Rails | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155. | |||||
CVE-2016-7130 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. | |||||
CVE-2016-7052 | 3 Nodejs, Novell, Openssl | 3 Node.js, Suse Linux Enterprise Module For Web Scripting, Openssl | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | |||||
CVE-2016-7160 | 1 Samsung | 1 Samsung Mobile | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248. | |||||
CVE-2016-4450 | 3 Canonical, Debian, F5 | 3 Ubuntu Linux, Debian Linux, Nginx | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. | |||||
CVE-2015-7068 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. | |||||
CVE-2016-3821 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152. | |||||
CVE-2015-8926 | 3 Canonical, Libarchive, Suse | 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. | |||||
CVE-2016-7132 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing. | |||||
CVE-2015-8917 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. | |||||
CVE-2016-4649 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
CVE-2016-0742 | 6 Apple, Canonical, Debian and 3 more | 6 Xcode, Ubuntu Linux, Debian Linux and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. | |||||
CVE-2016-9117 | 1 Uclouvain | 1 Openjpeg | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||||
CVE-2016-2782 | 2 Linux, Suse | 8 Linux Kernel, Linux Enterprise Debuginfo, Linux Enterprise Desktop and 5 more | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. |