Filtered by CWE-476
Total 5704 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-4352 2 Apache, Redhat 3 Http Server, Enterprise Linux, Rhel Software Collections 2025-04-12 N/A
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
CVE-2014-9116 4 Debian, Mageia, Mutt and 1 more 5 Debian Linux, Mageia, Mutt and 2 more 2025-04-12 N/A
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
CVE-2016-2543 1 Linux 1 Linux Kernel 2025-04-12 N/A
The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call.
CVE-2016-1522 5 Debian, Fedoraproject, Mozilla and 2 more 6 Debian Linux, Fedora, Firefox and 3 more 2025-04-12 N/A
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.
CVE-2014-3640 4 Canonical, Debian, Qemu and 1 more 8 Ubuntu Linux, Debian Linux, Qemu and 5 more 2025-04-12 N/A
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
CVE-2016-4555 4 Canonical, Oracle, Redhat and 1 more 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more 2025-04-12 N/A
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
CVE-2015-3146 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-12 N/A
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
CVE-2015-1803 4 Canonical, Debian, Redhat and 1 more 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more 2025-04-12 N/A
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
CVE-2016-4696 1 Apple 1 Mac Os X 2025-04-12 N/A
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2014-9660 7 Canonical, Debian, Fedoraproject and 4 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-12 N/A
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
CVE-2016-7118 1 Debian 1 Debian Linux 2025-04-12 N/A
fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
CVE-2014-6587 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVE-2014-6052 5 Canonical, Debian, Libvncserver and 2 more 5 Ubuntu Linux, Debian Linux, Libvncserver and 2 more 2025-04-12 N/A
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
CVE-2014-5353 7 Canonical, Debian, Fedoraproject and 4 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-12 N/A
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
CVE-2015-7068 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 N/A
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
CVE-2015-3194 5 Canonical, Debian, Nodejs and 2 more 6 Ubuntu Linux, Debian Linux, Node.js and 3 more 2025-04-12 7.5 High
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
CVE-2016-3136 3 Canonical, Linux, Novell 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more 2025-04-12 N/A
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
CVE-2016-9623 1 Tats 1 W3m 2025-04-12 N/A
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2015-7803 3 Apple, Php, Redhat 3 Mac Os X, Php, Rhel Software Collections 2025-04-12 N/A
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.
CVE-2014-5116 1 Cairographics 1 Cairo 2025-04-12 N/A
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.