Total
2089 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4594 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference. | |||||
CVE-2011-2525 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. | |||||
CVE-2011-2184 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.2 HIGH | N/A |
The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960. | |||||
CVE-2021-4158 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2023-02-12 | N/A | 6.0 MEDIUM |
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | |||||
CVE-2019-10207 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash. | |||||
CVE-2019-10140 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS). | |||||
CVE-2018-1092 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.1 HIGH | 5.5 MEDIUM |
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. | |||||
CVE-2018-16871 | 3 Linux, Netapp, Redhat | 28 Linux Kernel, Cloud Backup, H300e and 25 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. | |||||
CVE-2017-7475 | 1 Cairographics | 1 Cairo | 2023-02-12 | 4.3 MEDIUM | 5.5 MEDIUM |
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. | |||||
CVE-2017-7502 | 1 Mozilla | 1 Network Security Services | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. | |||||
CVE-2017-2634 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2023-02-12 | 7.8 HIGH | 7.5 HIGH |
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. | |||||
CVE-2017-2647 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. | |||||
CVE-2017-15116 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | |||||
CVE-2017-15096 | 1 Gluster | 1 Glusterfs | 2023-02-12 | 2.1 LOW | 3.3 LOW |
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service. | |||||
CVE-2017-12193 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. | |||||
CVE-2017-12192 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation. | |||||
CVE-2016-9572 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2023-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. | |||||
CVE-2016-8646 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. | |||||
CVE-2016-8630 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. | |||||
CVE-2016-6327 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. |