Total
2401 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9018 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. | |||||
CVE-2016-7445 | 2 Opensuse, Uclouvain | 2 Leap, Openjpeg | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. | |||||
CVE-2014-2497 | 6 Canonical, Debian, Oracle and 3 more | 12 Ubuntu Linux, Debian Linux, Solaris and 9 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. | |||||
CVE-2014-3640 | 4 Canonical, Debian, Qemu and 1 more | 7 Ubuntu Linux, Debian Linux, Qemu and 4 more | 2023-12-10 | 2.1 LOW | N/A |
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. | |||||
CVE-2014-9323 | 4 Canonical, Debian, Firebirdsql and 1 more | 4 Ubuntu Linux, Debian Linux, Firebird and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. | |||||
CVE-2014-3469 | 4 Debian, Gnu, Redhat and 1 more | 14 Debian Linux, Gnutls, Libtasn1 and 11 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. | |||||
CVE-2014-3581 | 4 Apache, Canonical, Oracle and 1 more | 9 Http Server, Ubuntu Linux, Enterprise Manager Ops Center and 6 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. | |||||
CVE-2014-2678 | 3 Fedoraproject, Linux, Oracle | 3 Fedora, Linux Kernel, Linux | 2023-12-10 | 4.7 MEDIUM | N/A |
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. | |||||
CVE-2014-9708 | 3 Embedthis, Juniper, Oracle | 134 Appweb, Ex2200, Ex2200-c and 131 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". | |||||
CVE-2014-7826 | 3 Linux, Opensuse, Suse | 3 Linux Kernel, Evergreen, Suse Linux Enterprise Server | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. | |||||
CVE-2015-0003 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2023-12-10 | 6.9 MEDIUM | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
CVE-2014-0198 | 6 Debian, Fedoraproject, Mariadb and 3 more | 9 Debian Linux, Fedora, Mariadb and 6 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. | |||||
CVE-2014-9660 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2023-12-10 | 7.5 HIGH | N/A |
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. | |||||
CVE-2014-5077 | 4 Canonical, Linux, Redhat and 1 more | 8 Ubuntu Linux, Linux Kernel, Enterprise Linux Eus and 5 more | 2023-12-10 | 7.1 HIGH | N/A |
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. | |||||
CVE-2013-7339 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.7 MEDIUM | N/A |
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. | |||||
CVE-2015-0095 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2023-12-10 | 5.6 MEDIUM | N/A |
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue screen), or obtain sensitive information from kernel memory and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." | |||||
CVE-2014-4344 | 3 Debian, Mit, Redhat | 6 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 3 more | 2023-12-10 | 7.8 HIGH | N/A |
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. | |||||
CVE-2014-0101 | 4 Canonical, F5, Linux and 1 more | 27 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 24 more | 2023-12-10 | 7.8 HIGH | N/A |
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. | |||||
CVE-2014-3470 | 6 Fedoraproject, Mariadb, Openssl and 3 more | 11 Fedora, Mariadb, Openssl and 8 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. | |||||
CVE-2014-0190 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Opensuse and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. |