Total
3737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18327 | 1 Trendmicro | 3 Antivirus For Mac 2017, Antivirus For Mac 2018, Antivirus For Mac 2019 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-18318 | 1 Qiku | 2 360 Mobile Phone N6 Pro, 360 Mobile Phone N6 Pro Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call. | |||||
| CVE-2018-18227 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. | |||||
| CVE-2018-18192 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp. | |||||
| CVE-2018-18088 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | |||||
| CVE-2018-18066 | 2 Net-snmp, Netapp | 7 Net-snmp, Cloud Backup, Data Ontap and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | |||||
| CVE-2018-18065 | 5 Canonical, Debian, Net-snmp and 2 more | 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | |||||
| CVE-2018-17893 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. | |||||
| CVE-2018-17794 | 1 Gnu | 1 Binutils | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. | |||||
| CVE-2018-17432 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. | |||||
| CVE-2018-17419 | 1 Dns Library Project | 1 Dns Library | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. | |||||
| CVE-2018-17293 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files. | |||||
| CVE-2018-17282 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. | |||||
| CVE-2018-17154 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. | |||||
| CVE-2018-17142 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. | |||||
| CVE-2018-17127 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. | |||||
| CVE-2018-17075 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit. | |||||
| CVE-2018-17073 | 1 Bitmap Project | 1 Bitmap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image. | |||||
| CVE-2018-17000 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. | |||||
| CVE-2018-16871 | 3 Linux, Netapp, Redhat | 28 Linux Kernel, Cloud Backup, H300e and 25 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. | |||||