3 matches found
Code injection
nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled...
CVE-2020-7950
meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call...
Null pointer dereference
libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted rule that is mishandled in the yygetnextbuffer function...