Total
2089 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7225 | 1 Gnu | 1 Binutils | 2018-01-08 | 5.0 MEDIUM | 7.5 HIGH |
| The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | |||||
| CVE-2017-7209 | 1 Gnu | 1 Binutils | 2018-01-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. | |||||
| CVE-2017-15939 | 1 Gnu | 1 Binutils | 2018-01-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. | |||||
| CVE-2017-15023 | 1 Gnu | 1 Binutils | 2018-01-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. | |||||
| CVE-2017-7207 | 1 Artifex | 1 Ghostscript | 2018-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | |||||
| CVE-2017-5023 | 1 Google | 1 Chrome | 2018-01-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. | |||||
| CVE-2016-9813 | 1 Gstreamer | 1 Gstreamer | 2018-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | |||||
| CVE-2016-8885 | 1 Jasper Project | 1 Jasper | 2018-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. | |||||
| CVE-2016-8884 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2018-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. | |||||
| CVE-2016-5423 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2018-01-04 | 6.5 MEDIUM | 8.3 HIGH |
| PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types. | |||||
| CVE-2017-6951 | 1 Linux | 1 Linux Kernel | 2018-01-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. | |||||
| CVE-2016-6292 | 1 Php | 1 Php | 2018-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. | |||||
| CVE-2016-7130 | 1 Php | 1 Php | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. | |||||
| CVE-2017-7507 | 1 Gnu | 1 Gnutls | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. | |||||
| CVE-2016-7914 | 1 Linux | 1 Linux Kernel | 2018-01-04 | 7.1 HIGH | 5.5 MEDIUM |
| The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. | |||||
| CVE-2015-8916 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2018-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. | |||||
| CVE-2015-8956 | 2 Google, Linux | 2 Android, Linux Kernel | 2018-01-04 | 3.6 LOW | 6.1 MEDIUM |
| The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. | |||||
| CVE-2015-8926 | 3 Canonical, Libarchive, Suse | 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more | 2018-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. | |||||
| CVE-2015-8917 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. | |||||
| CVE-2017-17439 | 2 Debian, Heimdal Project | 2 Debian Linux, Heimdal | 2017-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. | |||||