Search Results (5012 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0845 2 Mit, Redhat 3 Kerberos, Kerberos 5, Enterprise Linux 2025-04-09 N/A
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
CVE-2008-3597 1 Skulltag 1 Skulltag 2025-04-09 7.5 High
Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.
CVE-2008-1672 2 Canonical, Openssl 2 Ubuntu Linux, Openssl 2025-04-09 N/A
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
CVE-2008-5006 1 University Of Washington 1 Imap Toolkit 2025-04-09 N/A
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.
CVE-2009-4308 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
CVE-2007-0342 2 Apple, Omnigroup 4 Mac Os X, Safari, Webkit and 1 more 2025-04-09 7.5 High
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
CVE-2007-0887 1 Gecad Technologies 1 Axigen Mail Server 2025-04-09 N/A
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).
CVE-2007-3731 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function.
CVE-2007-0039 1 Microsoft 1 Exchange Server 2025-04-09 N/A
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
CVE-2009-1386 3 Canonical, Openssl, Redhat 4 Ubuntu Linux, Openssl, Enterprise Linux and 1 more 2025-04-09 N/A
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
CVE-2008-1949 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2025-04-09 N/A
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
CVE-2008-3832 2 Linux, Redhat 2 Linux Kernel, Fedora 2025-04-09 N/A
A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.
CVE-2023-32008 1 Microsoft 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more 2025-04-08 7.8 High
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-4842 1 Linux 1 Linux Kernel 2025-04-08 5.5 Medium
A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system.
CVE-2023-24938 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2025-04-08 6.5 Medium
Windows CryptoAPI Denial of Service Vulnerability
CVE-2024-11706 1 Mozilla 2 Firefox, Thunderbird 2025-04-07 6.5 Medium
A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133.
CVE-2022-41858 3 Linux, Netapp, Redhat 8 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux and 5 more 2025-04-07 7.1 High
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
CVE-2025-31115 1 Redhat 1 Enterprise Linux 2025-04-07 7.5 High
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.
CVE-2023-0122 1 Linux 1 Linux Kernel 2025-04-04 7.5 High
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.
CVE-2022-47929 3 Debian, Linux, Redhat 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-04 5.5 Medium
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.