Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-0772

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 Jun, 2005 | 04:00
Updated At-07 Aug, 2024 | 21:28
Rejected At-
Credits

VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 Jun, 2005 | 04:00
Updated At:07 Aug, 2024 | 21:28
Rejected At:
▼CVE Numbering Authority (CNA)

VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://securitytracker.com/id?1014273
vdb-entry
x_refsource_SECTRACK
http://seer.support.veritas.com/docs/276533.htm
x_refsource_CONFIRM
http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=true
third-party-advisory
x_refsource_IDEFENSE
http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities
third-party-advisory
x_refsource_IDEFENSE
http://seer.support.veritas.com/docs/277485.htm
x_refsource_CONFIRM
http://secunia.com/advisories/15789
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1014273
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://seer.support.veritas.com/docs/276533.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=true
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://seer.support.veritas.com/docs/277485.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/15789
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://securitytracker.com/id?1014273
vdb-entry
x_refsource_SECTRACK
x_transferred
http://seer.support.veritas.com/docs/276533.htm
x_refsource_CONFIRM
x_transferred
http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=true
third-party-advisory
x_refsource_IDEFENSE
x_transferred
http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities
third-party-advisory
x_refsource_IDEFENSE
x_transferred
http://seer.support.veritas.com/docs/277485.htm
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/15789
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1014273
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://seer.support.veritas.com/docs/276533.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=true
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: http://seer.support.veritas.com/docs/277485.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/15789
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:28 Jun, 2005 | 04:00
Updated At:16 Apr, 2026 | 00:27

VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Veritas Technologies LLC
veritas
>>backup_exec>>Versions from 9.0(inclusive) to 10.0(inclusive)
cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:windows_server:*:*
Veritas Technologies LLC
veritas
>>backup_exec>>Versions from 9.0.4019(inclusive) to 9.1.307(inclusive)
cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:netware:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://secunia.com/advisories/15789cve@mitre.org
Broken Link
http://securitytracker.com/id?1014273cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://seer.support.veritas.com/docs/276533.htmcve@mitre.org
Broken Link
http://seer.support.veritas.com/docs/277485.htmcve@mitre.org
Broken Link
http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=truecve@mitre.org
Broken Link
Vendor Advisory
http://www.idefense.com/application/poi/display?id=271&type=vulnerabilitiescve@mitre.org
Broken Link
http://secunia.com/advisories/15789af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://securitytracker.com/id?1014273af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://seer.support.veritas.com/docs/276533.htmaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://seer.support.veritas.com/docs/277485.htmaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=trueaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Vendor Advisory
http://www.idefense.com/application/poi/display?id=271&type=vulnerabilitiesaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: http://secunia.com/advisories/15789
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://securitytracker.com/id?1014273
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://seer.support.veritas.com/docs/276533.htm
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://seer.support.veritas.com/docs/277485.htm
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=true
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/15789
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://securitytracker.com/id?1014273
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://seer.support.veritas.com/docs/276533.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://seer.support.veritas.com/docs/277485.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flashstatus=true
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

1022Records found

CVE-2022-42299
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.62% / 45.13%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:49
Updated-03 Aug, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-netbackupn/a
CVE-2022-42306
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 7.24%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:48
Updated-03 Aug, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-netbackupn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-41414
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.35% / 27.16%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 22:04
Updated-21 Oct, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP HTTP/2 vulnerability

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_global_traffic_managerbig-ip_application_acceleration_managerbig-ip_carrier-grade_natbig-ip_ddos_hybrid_defenderbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_local_traffic_managerbig-ip_webacceleratorbig-ip_access_policy_managerbig-ip_advanced_web_application_firewallbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_ssl_orchestratorbig-ip_edge_gatewaybig-ip_link_controllerbig-ip_next_cloud-native_network_functionsbig-ip_container_ingress_servicesbig-ip_next_service_proxy_for_kubernetesbig-ip_application_security_managerbig-ip_automation_toolchainbig-ip_domain_name_systembig-ip_application_visibility_and_reportingbig-ip_websafeBIG-IPBIG-IP Next CNFBIG-IP Next SPK
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10708
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.72% / 96.46%
||
7 Day CHG-0.29%
Published-21 Jan, 2018 | 22:00
Updated-29 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

Action-Not Available
Vendor-n/aCanonical Ltd.OpenBSDDebian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxubuntu_linuxservice_processordata_ontap_edgestoragegrid_webscaleclustered_data_ontaponcommand_unified_manageropensshcloud_backupstoragegridvasa_providern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20813
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.93%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:37
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.93%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:58
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10415
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.84% / 53.44%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, dereference of an invalid input parameter could cause a denial of service.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9640_firmwaresd_412sd_617_firmwaresd_808_firmwaresd_400sdx20sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607sd_210sd_820_firmwaresd_650sd_820sd_808sd_450_firmwaresd_800sd_410sd_617sd_400_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450sd_412_firmwaremdm9206_firmwaresd_430sd_810sd_835_firmwaremdm9650_firmwaresdx20_firmwaresd_410_firmwaresd_835sd_205sd_600_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaresd_600msm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212mdm9640Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-11039
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.16%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 13:09
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2002-1912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.30% / 87.01%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.

Action-Not Available
Vendor-skystreamn/a
Product-emr5000n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20602
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 39.98%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:13
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The Authnr Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13949 (May 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-41691
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.20%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 08:04
Updated-04 Aug, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Control DoS via Unauthenticated NULL Pointer Dereference

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-Control for BeagleBone SLControl RTE (SL)Control for PFC200 SLControl for WAGO Touch Panels 600 SLControl for Linux SLControl for PLCnext SLControl for Linux ARM SLControl for emPC-A/iMX6 SLControl for PFC100 SLControl Win (SL)Control for IOT2000 SLControl for Raspberry Pi SLControl RTE (for Beckhoff CX) SLVirtual Control SLHMI (SL)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.88% / 92.31%
||
7 Day CHG~0.00%
Published-24 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.48% / 82.65%
||
7 Day CHG~0.00%
Published-03 Apr, 2017 | 05:44
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.

Action-Not Available
Vendor-virustotaln/a
Product-yaran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20424
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.95% / 85.47%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 04:21
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.

Action-Not Available
Vendor-lustren/a
Product-lustren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10087
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.52% / 91.84%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

Action-Not Available
Vendor-libpngn/a
Product-libpngn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10129
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-3.61% / 88.07%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.

Action-Not Available
Vendor-libgit2_projectn/a
Product-libgit2n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.93%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:53
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10132
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-2.16% / 79.95%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.

Action-Not Available
Vendor-n/aArtifex Software Inc.Fedora Project
Product-mujsfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-8850
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 29.96%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 16:54
Updated-26 May, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelaixhttp_serverz\/osHTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-8180
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 23.72%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:20
Updated-28 May, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in Aspera applications.

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash.

Action-Not Available
Vendor-IBM Corporation
Product-Aspera High-Speed Transfer EndpointAspera High-Speed Transfer Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10250
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.98% / 89.23%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.

Action-Not Available
Vendor-n/aJasPer
Product-jaspern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-0742
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-81.96% / 99.61%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSEF5, Inc.Red Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxxcodesoftware_collectionsleapnginxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20824
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.93%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:59
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-8360
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 19.27%
||
7 Day CHG~0.00%
Published-Not Available
Updated-29 May, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being dereferenced.

Action-Not Available
Vendor-
Product-
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-7376
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 9.18%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 05:04
Updated-06 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in Wireshark

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10189
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.04% / 89.37%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.

Action-Not Available
Vendor-bitlbeen/a
Product-bitlbee-libpurplebitlbeen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20909
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.62% / 73.11%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 17:46
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-6666
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-5.9||MEDIUM
EPSS-0.37% / 28.86%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 00:43
Updated-14 May, 2026 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PgBouncer crash in kill_pool_logins_server_error

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.

Action-Not Available
Vendor-pgbouncern/a
Product-pgbouncerPgBouncer
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10248
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.04% / 89.37%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.

Action-Not Available
Vendor-n/aJasPer
Product-jaspern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-0049
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-2.21% / 80.43%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 18:00
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash.

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 12.3R12-S10; 12.3X48 versions above and including 12.3X48-D66 prior to 12.3X48-D75 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions above and including 14.1X53-D115 prior to 14.1X53-D130 on QFabric System; 15.1 versions above and including 15.1F6-S10; 15.1R4-S9; 15.1R6-S6; 15.1 versions above and including 15.1R7 prior to 15.1R7-S2; 15.1X49 versions above and including 15.1X49-D131 prior to 15.1X49-D150 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 15.1X53 versions above 15.1X53-D233 prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions up to and including 15.1X53-D471 prior to 15.1X53-D590 on NFX150, NFX250; 15.1X53-D67 on QFX10000 Series; 15.1X53-D59 on EX2300/EX3400; 16.1 versions above and including 16.1R3-S8; 16.1 versions above and including 16.1R4-S9 prior to 16.1R4-S12; 16.1 versions above and including 16.1R5-S4; 16.1 versions above and including 16.1R6-S3 prior to 16.1R6-S6; 16.1 versions above and including 16.1R7 prior to 16.1R7-S2; 16.2 versions above and including 16.2R1-S6; 16.2 versions above and including 16.2R2-S5 prior to 16.2R2-S7; 17.1R1-S7; 17.1 versions above and including 17.1R2-S7 prior to 17.1R2-S9; 17.2R1-S6; 17.2 versions above and including 17.2R2-S4 prior to 17.2R2-S6; 17.2X75 versions above and including 17.2X75-D100 prior to X17.2X75-D101, 17.2X75-D110; 17.3 versions above and including 17.3R1-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3 versions above and including 17.3R2-S2 prior to 17.3R2-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4 versions above and including 17.4R1-S3 prior to 17.4R1-S5 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.1 versions above and including 18.1R2 prior to 18.1R2-S3, 18.1R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2 versions above and including 18.2R1 prior to 18.2R1-S2, 18.2R1-S3, 18.2R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2X75 versions above and including 18.2X75-D5 prior to 18.2X75-D20.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345qfx3600srx5800srx110srx4000ex2200-vcnfx150srx550_hmsrx220srx240h2qfx5110ex6200qfx10002-72qex3300ex3400srx5400srx100srx3400srx300srx550ex2200qfx5200junosex4550-vcex8200srx240mqfx10000srx210ex3300-vcex4550ex3200srx1500ex8200-vcqfx3500srx380srx4200ex4200srx340qfx10008qfx10002srx4100qfx10002-32qsrx240srx3600qfx10016qfx5100srx5000ex4300ex2300srx1400ex4600srx320nfx250srx5600srx650srx4600qfx10002-60csrx550mJunos OS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-8917
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.30% / 89.94%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.

Action-Not Available
Vendor-n/aCanonical Ltd.libarchiveDebian GNU/Linux
Product-debian_linuxlibarchiveubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-41433
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.36% / 27.76%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 22:04
Updated-21 Oct, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SIP ALG profile vulnerability

When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_global_traffic_managerbig-ip_application_acceleration_managerbig-ip_carrier-grade_natbig-ip_ddos_hybrid_defenderbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_local_traffic_managerbig-ip_webacceleratorbig-ip_access_policy_managerbig-ip_advanced_web_application_firewallbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_ssl_orchestratorbig-ip_edge_gatewaybig-ip_link_controllerbig-ip_container_ingress_servicesbig-ip_application_security_managerbig-ip_automation_toolchainbig-ip_domain_name_systembig-ip_application_visibility_and_reportingbig-ip_websafeBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 39.98%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:14
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The ESECOMM Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13950 (May 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20821
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.93%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:48
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-20820
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.93%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 15:48
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.54%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 13:48
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.

Action-Not Available
Vendor-embedthisn/a
Product-appwebn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-57873
Matching Score-4
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-4
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-7.5||HIGH
EPSS-0.21% / 10.80%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability (IEEE8021x_upload.cgi)

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.81% / 93.22%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:43
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-25735
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.56%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Pointer Dereference in MODEM

Denial of service in modem due to missing null check while processing TCP or UDP packets from server

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwarewsa8830ssg2125psxr2230p_firmwarewcd9330wcn6856_firmwarecsra6620qca4024_firmwarewsa8835sxr1230p_firmwarewcd9380csra6620_firmwaressg2125p_firmwaressg2115pmdm9206csra6640_firmwarewcn6855_firmwaresxr1230pwcd9335_firmwarewcn3980wcn3998wcd9385_firmwaremdm9205mdm9206_firmwarewsa8815sxr2230pqca4020wcn7850wcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwaremdm9207wcd9306mdm8207wcn3999wcn7851ar8031_firmwarewsa8832_firmwareqca4004_firmwaremdm9607_firmwareqcs405qts110mdm9607wcd9306_firmwarewsa8810_firmwarewsa8810wsa8832qca4020_firmwarewcn6855wcd9335wcn7851_firmwarewcn6856wcd9385ar8031qcs405_firmwaremdm8207_firmwaremdm9205_firmwareqca4024mdm9207_firmwareqca4004csra6640wsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwareqts110_firmwareSnapdragonwcd9380_firmwaresxr2230p_firmwarear8031_firmwarewsa8832_firmwarewcn6856_firmwareqca4004_firmwaremdm9607_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwareqca4020_firmwaressg2125p_firmwarecsra6620_firmwarewcn7851_firmwarewcn6855_firmwarecsra6640_firmwareqcs405_firmwarewcd9335_firmwaremdm8207_firmwaremdm9205_firmwarewcd9385_firmwaremdm9206_firmwaremdm9207_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwaressg2115p_firmwarewcn3999_firmwarewcn3998_firmwarewcn3980_firmwarewcd9330_firmwareqts110_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.60%
||
7 Day CHG~0.00%
Published-19 Aug, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.

Action-Not Available
Vendor-nicolas_boullisn/aDebian GNU/Linux
Product-debian_linuxmah-jongn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-55204
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.43% / 34.64%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 16:05
Updated-26 Jun, 2026 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.

Action-Not Available
Vendor-haproxyhaproxy
Product-haproxyhaproxy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.48% / 82.59%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 16:34
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.

Action-Not Available
Vendor-n/aFedora ProjectDovecot
Product-fedoradovecotn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-8270
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-3.16% / 86.38%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).

Action-Not Available
Vendor-rtmpdump_projectn/a
Product-rtmpdumpn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0119
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-39.62% / 98.44%
||
7 Day CHG~0.00%
Published-16 Apr, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_server_2003windows_2000n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19880
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.94% / 93.33%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-enterprise_linux_serversinec_infrastructure_network_servicesdebian_linuxcloud_backupsqlitelinux_enterpriseenterprise_linux_workstationpackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 56.79%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:33
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

Action-Not Available
Vendor-proftpdn/a
Product-proftpdn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.89% / 92.33%
||
7 Day CHG~0.00%
Published-25 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.

Action-Not Available
Vendor-etherealn/a
Product-etherealn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-52.49% / 98.83%
||
7 Day CHG~0.00%
Published-17 Apr, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.

Action-Not Available
Vendor-n/aRealNetworks LLC
Product-helix_universal_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0079
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.54% / 94.86%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Action-Not Available
Vendor-sco4dstonesoftlitebluecoatneoterissecurecomputingtarantellan/aApple Inc.HP Inc.Symantec CorporationDell Inc.VMware (Broadcom Inc.)Cisco Systems, Inc.Silicon Graphics, Inc.FreeBSD FoundationAvaya LLCCheck Point Software Technologies Ltd.Red Hat, Inc.OpenBSDNovellOpenSSLSun Microsystems (Oracle Corporation)
Product-sg200serverclusteraccess_registrarimanagerinstant_virtual_extranetstonebeat_webclustercontent_services_switch_11500enterprise_linuxopenservermds_9000hp-uxiosprovider-1edirectorycall_managermac_os_x_serverstonebeat_fullclusterlinuxpropackfreebsdintuity_audixstonegate_vpn_clientcrypto_accelerator_4000speed_technologies_litespeed_web_serverproxysggss_4490_global_site_selectorvsuenterprise_linux_desktopapache-based_web_serverstonebeat_securityclusterfirewall-1wbemgsx_serversg208ciscoworks_common_serviceswebnsstonegateconverged_communications_serverpix_firewallmac_os_xvpn-1application_and_content_networking_softwarefirewall_services_modulesg203sidewinderbsafe_ssl-jwebstaraaa_servertarantella_enterpriseokena_stormwatchsecure_content_acceleratoropenbsdcss_secure_content_accelerators8500threat_responseopensslciscoworks_common_management_foundationsg5s8700gss_4480_global_site_selectorpix_firewall_softwareclientless_vpn_gateway_4400cacheos_ca_sacss11000_content_services_switchs8300n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-18976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.68% / 93.08%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 16:59
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

Action-Not Available
Vendor-n/aDebian GNU/LinuxDigium, Inc.
Product-certified_asteriskasteriskdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 20
  • 21
  • Next
Details not found