Total
2405 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1229 | 2 Avaya, Microsoft | 35 Agent Access, Aura Conferencing Standard Edition, Basic Call Management System Reporting Desktop and 32 more | 2023-12-10 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | |||||
CVE-2011-2525 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. | |||||
CVE-2011-0709 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table. | |||||
CVE-2011-1598 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | N/A |
The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. | |||||
CVE-2011-2691 | 3 Debian, Fedoraproject, Libpng | 3 Debian Linux, Fedora, Libpng | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. | |||||
CVE-2011-1076 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | N/A |
net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key. | |||||
CVE-2010-2960 | 3 Canonical, Linux, Suse | 4 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 1 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. | |||||
CVE-2011-2928 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | N/A |
The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. | |||||
CVE-2010-2798 | 7 Avaya, Canonical, Debian and 4 more | 15 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 12 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. | |||||
CVE-2010-1148 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.7 MEDIUM | N/A |
The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions. | |||||
CVE-2011-1691 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code. | |||||
CVE-2010-1321 | 7 Canonical, Debian, Fedoraproject and 4 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | |||||
CVE-2010-4576 | 1 Google | 2 Chrome, Chrome Os | 2023-12-10 | 5.0 MEDIUM | N/A |
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker. | |||||
CVE-2008-2812 | 7 Avaya, Canonical, Debian and 4 more | 15 Communication Manager, Expanded Meet-me Conferencing, Intuity Audix Lx and 12 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. | |||||
CVE-2009-1902 | 2 Fedoraproject, Trustwave | 2 Fedora, Modsecurity | 2023-12-10 | 5.0 MEDIUM | N/A |
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference. | |||||
CVE-2009-2287 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-12-10 | 4.9 MEDIUM | N/A |
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function. | |||||
CVE-2008-1672 | 2 Canonical, Openssl | 2 Ubuntu Linux, Openssl | 2023-12-10 | 4.3 MEDIUM | N/A |
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. | |||||
CVE-2009-3094 | 3 Apache, Debian, Fedoraproject | 3 Http Server, Debian Linux, Fedora | 2023-12-10 | 2.6 LOW | N/A |
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. | |||||
CVE-2007-0887 | 1 Gecad Technologies | 1 Axigen Mail Server | 2023-12-10 | 7.8 HIGH | N/A |
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp). | |||||
CVE-2007-1327 | 1 Silc | 1 Silc-server | 2023-12-10 | 7.8 HIGH | N/A |
The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm. |