U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): dereference
  • Search Type: Search All
There are 3,228 matching records.
Displaying matches 3,041 through 3,060.
Vuln ID Summary CVSS Severity
CVE-2006-5820

The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.

Published: April 02, 2007; 6:19:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-1648

0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference.

Published: March 23, 2007; 8:19:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1650

pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to cause a denial of service (application crash) via a malformed SIP packet, which results in a NULL pointer dereference.

Published: March 23, 2007; 8:19:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1547

The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.

Published: March 20, 2007; 6:19:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1496

nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.

Published: March 16, 2007; 6:19:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2007-1000

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.

Published: March 12, 2007; 7:19:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-1420

MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.

Published: March 12, 2007; 7:19:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2007-1388

The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.

Published: March 10, 2007; 2:19:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2007-1327

The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm.

Published: March 07, 2007; 4:19:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1306

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

Published: March 06, 2007; 7:19:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1308

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

Published: March 06, 2007; 7:19:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1239

Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.

Published: March 03, 2007; 2:19:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-7065

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

Published: March 02, 2007; 4:18:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-7066

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

Published: March 02, 2007; 4:18:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-1094

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.

Published: February 26, 2007; 12:28:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-7030

Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.

Published: February 22, 2007; 10:28:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0887

axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).

Published: February 12, 2007; 6:28:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-0822

umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.

Published: February 07, 2007; 3:28:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2007-0811

Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.

Published: February 07, 2007; 6:28:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0816

The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.

Published: February 07, 2007; 6:28:00 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM