Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-2036

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Apr, 2017 | 16:00
Updated At-05 Aug, 2024 | 23:17
Rejected At-
Credits

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Apr, 2017 | 16:00
Updated At:05 Aug, 2024 | 23:17
Rejected At:
▼CVE Numbering Authority (CNA)

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001
x_refsource_MISC
Hyperlink: https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 Apr, 2017 | 16:59
Updated At:13 May, 2026 | 00:24

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Samsung
samsung
>>galaxy_s6_firmware>>g920fxxu2coh2
cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_s6>>-
cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_note_3_firmware>>n9005xxugbob6
cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_note_3>>-
cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001cve@mitre.org
Exploit
Technical Description
Third Party Advisory
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001af854a3a-2127-422b-91ae-364da2661108
Exploit
Technical Description
Third Party Advisory
Hyperlink: https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001
Source: cve@mitre.org
Resource:
Exploit
Technical Description
Third Party Advisory
Hyperlink: https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Technical Description
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

215Records found

CVE-2021-25491
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-2.3||LOW
EPSS-0.10% / 1.08%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-28790
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.20% / 9.92%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:42
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-link_to_windows_serviceLink to Windows Service
CWE ID-CWE-287
Improper Authentication
CVE-2019-12087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 31.19%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 02:52
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact.

Action-Not Available
Vendor-n/aSamsung
Product-s9\+s9\+_firmwarexcover_4_firmwarexcover_4s10s10_firmwaren/a
CWE ID-CWE-399
Not Available
CVE-2021-25343
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.22% / 12.01%
||
7 Day CHG~0.00%
Published-04 Mar, 2021 | 21:03
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidmembersSamsung Members
CWE ID-CWE-287
Improper Authentication
CVE-2015-7895
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.07% / 60.83%
||
7 Day CHG~0.00%
Published-27 Jun, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

Action-Not Available
Vendor-n/aSamsung
Product-samsung_mobilegalaxy_s6n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-9278
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 32.75%
||
7 Day CHG~0.00%
Published-18 Jan, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_fimg2d_drivern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4546
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 18.64%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.

Action-Not Available
Vendor-n/aSamsung
Product-samsung_mobilen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7898
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.84% / 53.53%
||
7 Day CHG~0.00%
Published-27 Jun, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

Action-Not Available
Vendor-n/aSamsung
Product-samsung_mobilegalaxy_s6n/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-25342
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.22% / 12.01%
||
7 Day CHG~0.00%
Published-04 Mar, 2021 | 21:03
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidmembersSMP sdk
CWE ID-CWE-287
Improper Authentication
CVE-2021-25506
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.19% / 8.80%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 02:03
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-healthSamsung Health
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-25339
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 1.83%
||
7 Day CHG~0.00%
Published-04 Mar, 2021 | 21:00
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynos_9830Samsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25341
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.22% / 12.01%
||
7 Day CHG~0.00%
Published-04 Mar, 2021 | 21:02
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-s_assistantS Assistant
CWE ID-CWE-287
Improper Authentication
CVE-2012-3806
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.65% / 88.24%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 21:34
Updated-06 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-kiesn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-36622
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.38%
||
7 Day CHG+0.04%
Published-01 Sep, 2022 | 20:04
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-36621
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.38%
||
7 Day CHG+0.04%
Published-01 Sep, 2022 | 20:04
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-39829
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.50%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 03:43
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-46922
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 41.13%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-20 Jun, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_parser_bos in the Xclipse Driver.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_2400_firmwareexynos_1480_firmwareexynos_2400n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-28068
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 14.03%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 00:00
Updated-26 Jun, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in SS in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300 that involves a NULL pointer dereference which can cause abnormal termination of a mobile phone via a manipulated packet.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1080exynos_2200exynos_9820exynos_w920_firmwareexynos_2400_firmwareexynos_980exynos_9825exynos_modem_5300_firmwareexynos_980_firmwareexynos_1380_firmwareexynos_2100_firmwareexynos_9820_firmwareexynos_1080_firmwareexynos_9110exynos_modem_5300exynos_2100exynos_990exynos_1280exynos_modem_5123_firmwareexynos_1380exynos_2400exynos_w930exynos_850exynos_2200_firmwareexynos_1330exynos_850_firmwareexynos_1280_firmwareexynos_modem_5123exynos_w920exynos_9825_firmwareexynos_1330_firmwareexynos_9110_firmwareexynos_w930_firmwareexynos_990_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-25073
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 30.55%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 00:00
Updated-01 Jul, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check a pointer specified by the CC (Call Control module), which can lead to Denial of Service (Untrusted Pointer Dereference).

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_9825_firmwareexynos_modem_5123_firmwareexynos_2200exynos_w920_firmwareexynos_modem_5300exynos_1330_firmwareexynos_990exynos_850_firmwareexynos_w930_firmwareexynos_1280exynos_980exynos_990_firmwareexynos_9110_firmwareexynos_1080_firmwareexynos_9820exynos_1380exynos_9110exynos_9825exynos_850exynos_1080exynos_w930exynos_2100exynos_1280_firmwareexynos_9820_firmwareexynos_1330exynos_980_firmwareexynos_2200_firmwareexynos_modem_5123exynos_w920exynos_2100_firmwareexynos_modem_5300_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-23100
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 25.96%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 00:00
Updated-06 Jun, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_1280_firmwareexynos_1480_firmwareexynos_1380exynos_1280exynos_1380_firmwareexynos_2200exynos_2200_firmwareexynos_2400_firmwareexynos_1480n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-47307
Matching Score-6
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-6
Assigner-Samsung TV & Appliance
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 9.23%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 02:51
Updated-02 Jun, 2026 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

Action-Not Available
Vendor-Samsung Open SourceSamsung
Product-walrusWalrus
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-47308
Matching Score-6
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-6
Assigner-Samsung TV & Appliance
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.08%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 04:17
Updated-02 Jun, 2026 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

Action-Not Available
Vendor-Samsung Open SourceSamsung
Product-walrusWalrus
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-37368
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.46% / 36.76%
||
7 Day CHG~0.00%
Published-08 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380exynos_850_firmwareexynos_9820_firmwareexynos_980_firmwareexynos_1330exynos_auto_t5123exynos_9610exynos_1330_firmwareexynos_9810_firmwareexynos_2100exynos_9110exynos_980exynos_modem_5300_firmwareexynos_2200_firmwareexynos_9820exynos_modem_5123_firmwareexynos_9810exynos_9110_firmwareexynos_1280exynos_850exynos_1080exynos_2200exynos_w920_firmwareexynos_w920exynos_auto_t5123_firmwareexynos_1080_firmwareexynos_2100_firmwareexynos_1280_firmwareexynos_modem_5300exynos_1380_firmwareexynos_9610_firmwareexynos_modem_5123n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-14853
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.94% / 56.54%
||
7 Day CHG~0.00%
Published-17 Dec, 2018 | 18:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s6galaxy_s6_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-6604
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.63% / 83.68%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382.

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-exynos_fimg2dandroidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-7160
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.64%
||
7 Day CHG~0.00%
Published-03 Nov, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248.

Action-Not Available
Vendor-n/aSamsung
Product-samsung_mobilen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-40759
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.84% / 53.34%
||
7 Day CHG+0.04%
Published-16 Sep, 2022 | 21:36
Updated-03 Aug, 2024 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-62817
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 20.36%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-10 Mar, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1580_firmwareexynos_2200_firmwareexynos_2200exynos_1280_firmwareexynos_2500_firmwareexynos_1480_firmwareexynos_1280exynos_1580exynos_1380exynos_1480exynos_2400_firmwareexynos_2500exynos_2400n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-62815
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 4.08%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1580_firmwareexynos_2400_firmwareexynos_1380_firmwareexynos_2500exynos_1480_firmwareexynos_2400exynos_1380exynos_1580exynos_2500_firmwareexynos_1480n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-62814
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.50%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1280exynos_2200exynos_2400_firmwareexynos_1380_firmwareexynos_1480_firmwareexynos_2200_firmwareexynos_1380exynos_1280_firmwareexynos_2400exynos_1480n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54326
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 20.72%
||
7 Day CHG+0.01%
Published-03 Dec, 2025 | 00:00
Updated-05 Dec, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2200exynos_1280exynos_2200_firmwareexynos_1280_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54332
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.21%
||
7 Day CHG+0.03%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1380n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-54334
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.20%
||
7 Day CHG+0.03%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_1380_firmwareexynos_2200exynos_2200_firmwareexynos_1280_firmwareexynos_1380exynos_1580_firmwareexynos_2400_firmwareexynos_2400exynos_2500_firmwareexynos_1280exynos_1480_firmwareexynos_1580exynos_2500n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-35505
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.32% / 23.30%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 10:20
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemuQEMU
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-37647
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.16% / 5.51%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:10
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference in `SparseTensorSliceDataset` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null pointer. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251) has some argument validation but fails to consider the case when either `indices` or `values` are provided for an empty sparse tensor when the other is not. If `indices` is empty, then [code that performs validation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If `indices` as provided by the user is empty, then `indices` in the C++ code above is backed by an empty `std::vector`, hence calling `indices->dim_size(0)` results in null pointer dereferencing (same as calling `std::vector::at()` on an empty vector). We have patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2012-5640
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 30.62%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:17
Updated-06 Aug, 2024 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

thttpd has a local DoS vulnerability via specially-crafted .htpasswd files

Action-Not Available
Vendor-acmethttpd
Product-thttpdthttpd
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-0222
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.8||MEDIUM
EPSS-0.35% / 26.90%
||
7 Day CHG~0.00%
Published-05 Jan, 2025 | 15:31
Updated-23 Jan, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Protected Folder IOCTL IUProcessFilter.sys 0x8001E004 null pointer dereference

A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-i0bitIObit
Product-protected_folderProtected Folder
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-15922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 40.44%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 18:08
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-15923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.56% / 42.48%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 18:08
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-15924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 40.56%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 18:08
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-29205
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 23.55%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 22:25
Updated-22 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault due to missing support for quantized types in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-29201
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.33% / 25.17%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 23:00
Updated-22 Apr, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-29206
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 25.71%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 22:15
Updated-22 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation results in undefined behavior in `SparseTensorDenseAdd` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-28189
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 19.93%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:15
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_display_driverNVIDIA GPU Display Driver
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-24736
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-1.50% / 71.11%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 19:55
Updated-22 Apr, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A Malformed Lua script can crash Redis

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

Action-Not Available
Vendor-Redis Inc.Fedora ProjectOracle CorporationNetApp, Inc.
Product-communications_operations_monitormanagement_services_for_netapp_hcifedoraredismanagement_services_for_element_softwareredis
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13435
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 46.21%
||
7 Day CHG~0.00%
Published-24 May, 2020 | 21:55
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

Action-Not Available
Vendor-sqliten/aFedora Project
Product-sqlitefedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-18301
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 14.76%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-fsm9055mdm9640_firmwaresdm636_firmwaresd430sd625_firmwaresdx20fsm9955_firmwaresd650_firmwaresdm660sdm630mdm9607_firmwaremdm9650sd425_firmwaresd820a_firmwaremsm8909w_firmwaremdm9607sd617_firmwarefsm9055_firmwaresd652_firmwaresd425sd652sd427_firmwaresd625sd435sd835_firmwaresd435_firmwaresdm636sd427sdm630_firmwaresd820_firmwarefsm9955sd845_firmwaresd430_firmwaresd450_firmwaresd845mdm9650_firmwaresd820sdx20_firmwaresd835sd650sd820amsm8909wsd450sd617sdm660_firmwaremdm9640n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-17113
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 27.99%
||
7 Day CHG~0.00%
Published-04 Dec, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request.

Action-Not Available
Vendor-ikarussecurityn/a
Product-anti.virusn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14604
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 21.91%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel® Quartus® Prime Pro Edition
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19227
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 46.40%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 13:39
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found