Vulnerabilities (CVE)

Filtered by CWE-476
Total 2357 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-15854 2 Canonical, Xkbcommon Project 2 Ubuntu Linux, Xkbcommon 2023-12-10 2.1 LOW 5.5 MEDIUM
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
CVE-2018-14471 1 Gnu 1 Libredwg 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
CVE-2017-15120 2 Debian, Powerdns 2 Debian Linux, Recursor 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.
CVE-2019-5914 1 Nttdocomo 2 V20 Pro L-01j, V20 Pro L-01j Firmware 2023-12-10 5.7 MEDIUM 5.3 MEDIUM
V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.
CVE-2018-18329 1 Trendmicro 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 2023-12-10 7.2 HIGH 7.8 HIGH
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-2914 1 Oracle 1 Goldengate 2023-12-10 5.0 MEDIUM 7.5 HIGH
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-16657 2 Debian, Kamailio 2 Debian Linux, Kamailio 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.
CVE-2019-8357 1 Sound Exchange Project 1 Sound Exchange 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
CVE-2018-2912 1 Oracle 1 Goldengate 2023-12-10 5.0 MEDIUM 7.5 HIGH
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-14747 1 Qnap 1 Qts 2023-12-10 5.0 MEDIUM 7.5 HIGH
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.
CVE-2018-20195 1 Audiocoding 1 Freeware Advanced Audio Decoder 2 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVE-2018-19532 1 Podofo Project 1 Podofo 2023-12-10 6.8 MEDIUM 8.8 HIGH
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.
CVE-2018-18328 1 Trendmicro 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 2023-12-10 7.2 HIGH 7.8 HIGH
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-14588 1 Axiosys 1 Bento4 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
CVE-2019-9214 2 Debian, Wireshark 2 Debian Linux, Wireshark 2023-12-10 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
CVE-2018-11904 1 Google 1 Android 2023-12-10 7.2 HIGH 7.8 HIGH
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer.
CVE-2018-19208 3 Libwpd Project, Redhat, Suse 3 Libwpd, Enterprise Linux, Suse Linux Enterprise Server 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
CVE-2019-5668 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2023-12-10 7.2 HIGH 7.8 HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to denial of service or escalation of privileges.
CVE-2018-18066 2 Net-snmp, Netapp 7 Net-snmp, Cloud Backup, Data Ontap and 4 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2018-6116 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.