Vulnerabilities > NULL Pointer Dereference

DATE CVE VULNERABILITY TITLE RISK
2016-09-20 CVE-2015-8926 NULL Pointer Dereference vulnerability in multiple products
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
local
low complexity
canonical suse libarchive CWE-476
5.5
2016-09-20 CVE-2015-8922 NULL Pointer Dereference vulnerability in multiple products
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
local
low complexity
libarchive novell canonical oracle CWE-476
5.5
2016-09-20 CVE-2015-8917 NULL Pointer Dereference vulnerability in multiple products
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
network
low complexity
debian libarchive canonical CWE-476
7.5
2016-09-20 CVE-2015-8916 NULL Pointer Dereference vulnerability in multiple products
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
network
low complexity
canonical debian libarchive CWE-476
6.5
2016-09-12 CVE-2016-7132 NULL Pointer Dereference vulnerability in PHP
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
network
low complexity
php CWE-476
7.5
2016-09-12 CVE-2016-7131 NULL Pointer Dereference vulnerability in PHP
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
network
low complexity
php CWE-476
7.5
2016-09-12 CVE-2016-7130 NULL Pointer Dereference vulnerability in PHP
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
network
low complexity
php CWE-476
7.5
2016-09-07 CVE-2016-6317 NULL Pointer Dereference vulnerability in Rubyonrails Rails
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
network
low complexity
rubyonrails CWE-476
7.5
2016-08-31 CVE-2016-7118 NULL Pointer Dereference vulnerability in Debian Linux 7.0
fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
local
low complexity
debian CWE-476
5.5
2016-08-07 CVE-2015-0573 NULL Pointer Dereference vulnerability in Linux Kernel
drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call.
network
low complexity
linux CWE-476
critical
9.8