There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service.
When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk.
When mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
This vulnerability require that the TCP/IP-stack is assigned a multicast address the API intended for assigning unicast addresses or something with the same logical flaw is a prerequisite. This vulnerability requires that at least one IPv4 multicast address has been assigned to the target in an incorrect way, i.e., using the API intended for assigning unicast addresses. It is not possible to exploit for multicast addresses added with the proper API, i.e., setsockopt(). An attacker may use CVE-2019-12264 to incorrectly assign a multicast IP address. An attacker on the same LAN as the victim system may use this vulnerability to cause a NULL pointer dereference, which most likely will crash the tNet0 task.
A user with read access to the LDAP server can crash the LDAP server process. Depending on the Samba version and the choice of process model, this may crash only the user's own connection.
The (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. An authenticated user can crash the RPC server process via a NULL pointer de-reference.
A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends a specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system.
A crafted malicious authenticated mode 6 packet from a permitted network address can trigger a NULL pointer dereference. Note for this attack to work, the sending system must be on an address from which the target ntpd(8) accepts mode 6 packets, and must use a private key that is specifically listed as being used for mode 6 authorization.