Filtered by CWE-476
Total 5704 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-0288 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Enterprise Web Server and 1 more 2025-04-12 N/A
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
CVE-2015-4644 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Software Collections 2025-04-12 N/A
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
CVE-2014-6053 4 Canonical, Debian, Libvncserver and 1 more 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more 2025-04-12 N/A
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
CVE-2016-9888 1 Gnome 1 Libgsf 2025-04-12 N/A
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
CVE-2016-7418 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-12 N/A
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
CVE-2016-7131 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-12 7.5 High
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
CVE-2016-5423 3 Debian, Postgresql, Redhat 5 Debian Linux, Postgresql, Enterprise Linux and 2 more 2025-04-12 N/A
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
CVE-2016-7080 2 Apple, Vmware 2 Mac Os X, Tools 2025-04-12 N/A
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
CVE-2016-7079 2 Apple, Vmware 2 Mac Os X, Tools 2025-04-12 N/A
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
CVE-2016-9313 1 Linux 1 Linux Kernel 2025-04-12 7.8 High
security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.
CVE-2015-0253 4 Apache, Apple, Oracle and 1 more 6 Http Server, Mac Os X, Mac Os X Server and 3 more 2025-04-12 N/A
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
CVE-2015-8630 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-12 N/A
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
CVE-2015-8922 5 Canonical, Libarchive, Novell and 2 more 7 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 4 more 2025-04-12 N/A
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
CVE-2014-9116 4 Debian, Mageia, Mutt and 1 more 5 Debian Linux, Mageia, Mutt and 2 more 2025-04-12 N/A
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
CVE-2016-6692 1 Google 1 Android 2025-04-12 N/A
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.
CVE-2014-6587 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVE-2015-1721 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2025-04-12 N/A
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability."
CVE-2014-7826 4 Linux, Opensuse, Redhat and 1 more 5 Linux Kernel, Evergreen, Enterprise Linux and 2 more 2025-04-12 7.8 High
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.
CVE-2015-8917 4 Canonical, Debian, Libarchive and 1 more 4 Ubuntu Linux, Debian Linux, Libarchive and 1 more 2025-04-12 N/A
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
CVE-2015-8916 4 Canonical, Debian, Libarchive and 1 more 4 Ubuntu Linux, Debian Linux, Libarchive and 1 more 2025-04-12 N/A
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.