Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-16728

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-05 Jan, 2018 | 08:00
Updated At-05 Aug, 2024 | 20:35
Rejected At-
Credits

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:05 Jan, 2018 | 08:00
Updated At:05 Aug, 2024 | 20:35
Rejected At:
▼CVE Numbering Authority (CNA)

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

Affected Products
Vendor
n/a
Product
Advantech WebAccess
Versions
Affected
  • Advantech WebAccess
Problem Types
TypeCWE IDDescription
CWECWE-822CWE-822
Type: CWE
CWE ID: CWE-822
Description: CWE-822
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/102424
vdb-entry
x_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/102424
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/102424
vdb-entry
x_refsource_BID
x_transferred
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/102424
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:05 Jan, 2018 | 08:29
Updated At:09 Oct, 2019 | 23:25

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Advantech (Advantech Co., Ltd.)
advantech
>>webaccess>>Versions before 8.3(exclusive)
cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE-822Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-822
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/102424ics-cert@hq.dhs.gov
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02ics-cert@hq.dhs.gov
Broken Link
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/102424
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
Source: ics-cert@hq.dhs.gov
Resource:
Broken Link
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

515Records found

CVE-2017-12719
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-3.05% / 86.08%
||
7 Day CHG~0.00%
Published-06 Nov, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccessAdvantech WebAccess
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2019-6554
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.57% / 72.59%
||
7 Day CHG~0.00%
Published-05 Apr, 2019 | 18:15
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccessWebAccess/SCADA
CWE ID-CWE-284
Improper Access Control
CVE-2019-16900
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.73%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 01:00
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccess\/hmi_designern/a
CVE-2019-16901
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.73%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 01:00
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccess\/hmi_designern/a
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2016-0851
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-2.23% / 80.77%
||
7 Day CHG~0.00%
Published-15 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccessn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0860
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-5.42% / 91.81%
||
7 Day CHG~0.00%
Published-15 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccessn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0241
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-4.91% / 91.13%
||
7 Day CHG~0.00%
Published-21 Feb, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-advantech_webaccessn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16753
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-2.08% / 79.39%
||
7 Day CHG~0.00%
Published-05 Jan, 2018 | 08:00
Updated-05 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccessAdvantech WebAccess
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16899
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.73%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 01:00
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccess\/hmi_designern/a
CVE-2018-7497
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-2.92% / 85.49%
||
7 Day CHG~0.00%
Published-15 May, 2018 | 22:00
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccess\/nmswebaccess_dashboardwebaccesswebaccess_scadaWebAccess
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-1437
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-2.80% / 84.87%
||
7 Day CHG~0.00%
Published-02 Aug, 2023 | 22:30
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccess\/scadaWebAccess/SCADA
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.35% / 87.35%
||
7 Day CHG~0.00%
Published-18 Jan, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

Action-Not Available
Vendor-n/aGraphicsMagick
Product-graphicsmagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-10231
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.68% / 88.43%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 13:57
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-nc450_firmwarenc220nc200_firmwarenc250_firmwarenc220_firmwarenc260_firmwarenc260nc210nc210_firmwarenc200nc230nc450nc230_firmwarenc250n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-7550
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.39% / 82.13%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 18:23
Updated-06 Aug, 2024 | 02:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-8723
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.41% / 69.57%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131a_firmwareawk-3131aAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15191
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.75% / 50.79%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:41
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undefined behavior in Tensorflow

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-252
Unchecked Return Value
CVE-2020-15689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.83%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 13:48
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.

Action-Not Available
Vendor-embedthisn/a
Product-appwebn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15204
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.90% / 55.75%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:46
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault in Tensorflow

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13934
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-64.12% / 99.14%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 14:59
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationNetApp, Inc.openSUSEDebian GNU/LinuxOracle Corporation
Product-ubuntu_linuxdebian_linuxcommunications_instant_messaging_servermysql_enterprise_monitorinstantis_enterprisetracksiebel_ui_frameworkoncommand_system_managertomcatagile_engineering_data_managementagile_plmfmw_platformmanaged_file_transferworkload_managerleapApache Tomcat
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13950
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-49.09% / 98.75%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 07:10
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_proxy_http NULL pointer dereference

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

Action-Not Available
Vendor-The Apache Software FoundationFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.39% / 87.47%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.32% / 81.51%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 16:52
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.

Action-Not Available
Vendor-troglobitn/a
Product-uftpdn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14396
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.57% / 83.43%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-simatic_itc1500_pro_firmwareubuntu_linuxdebian_linuxsimatic_itc1500_prosimatic_itc1500simatic_itc1900simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prosimatic_itc2200_pro_firmwarelibvncserversimatic_itc1900_prosimatic_itc2200n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13577
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-3.02% / 85.96%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 00:00
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-genivian/aFedora Project
Product-gsoapfedoraGenivia
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.37% / 81.95%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 21:03
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.

Action-Not Available
Vendor-meetechon/a
Product-janusn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-12845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.20% / 86.72%
||
7 Day CHG~0.00%
Published-27 Jul, 2020 | 22:56
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.

Action-Not Available
Vendor-cherokee-projectn/a
Product-cherokeen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13582
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-2.61% / 83.70%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 18:15
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-silabsn/a
Product-micrium_uc-httpMicrium
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13649
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.12% / 79.85%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 14:13
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.

Action-Not Available
Vendor-jerryscriptn/a
Product-jerryscriptn/a
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13900
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.37% / 81.92%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 21:07
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.

Action-Not Available
Vendor-meetechon/a
Product-janusn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13574
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-3.02% / 85.96%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 00:00
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-genivian/aFedora Project
Product-gsoapfedoraGenivia
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13575
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-2.27% / 81.07%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 20:01
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-geniviaGeniviaFedora Project
Product-gsoapfedoragSOAP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13578
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-3.02% / 85.96%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 00:00
Updated-19 Nov, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-genivian/aFedora Project
Product-gsoapfedoraGenivia
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-12059
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.65% / 83.97%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 00:00
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

Action-Not Available
Vendor-n/aThe Linux FoundationCanonical Ltd.
Product-ubuntu_linuxcephn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-8726
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.41% / 69.57%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131a_firmwareawk-3131aAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-10957
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.17% / 93.58%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 13:56
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-5590
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.41%
||
7 Day CHG+0.01%
Published-15 Oct, 2023 | 22:14
Updated-16 Sep, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in seleniumhq/selenium

NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.

Action-Not Available
Vendor-seleniumseleniumhq
Product-seleniumseleniumhq/selenium
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-5235
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-1.04% / 60.31%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 23:09
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-neo-al00d_firmwarehima-al00bjohnson-l22d_firmwarevogue-al00a_firmwarejohnson-l21d_firmwarebla-tl00b_firmwareelle-tl00bjackman-l21_firmwarecolumbia-l29d_firmwareharry-al00ccolumbia-tl00dcolumbia-al10ivogue-tl00b_firmwarevogue-al10c-preload_firmwarehima-al00b_firmwarebla-tl00bharry-tl00c_firmwareever-l29b_firmwareharry-al10balp-tl00bprinceton-al10ipotter-al00cjackman-l22_firmwarejohnson-l42ifjohnson-tl00ftony-tl00b_firmwareelle-tl00b_firmwareelle-al00b_firmwaretony-tl00bjohnson-tl00d_firmwarepotter-al00c_firmwareever-al00b_firmwarecolumbia-al10b_firmwarealp-tl00b_firmwarejohnson-l23cprinceton-tl10c_firmwarejohnson-l22celle-al00bjohnson-al10cjohnson-l42iejohnson-l42ie_firmwareprinceton-al10b_firmwarevogue-al10c_firmwareharry-al10b_firmwarelaya-al00ep_firmwarecharlotte-al00aprinceton-tl10cvogue-al00a-preloadprinceton-al10i_firmwarevogue-al10c-preloademily-tl00b_firmwarevogue-al00a-preload_firmwarevogue-tl00bjohnson-al10c_firmwarelaya-al00eppotter-al10aprinceton-al10d_firmwarecharlotte-tl00bcharlotte-tl00b_firmwarebla-al00b_firmwarecolumbia-tl00d_firmwareever-l29bcolumbia-l29dever-al00bcolumbia-al10bemily-al00a_firmwaretony-al00b_firmwarejackman-l22jackman-l23jackman-l23_firmwarejohnson-l21c_firmwarejohnson-l23c_firmwareemily-tl00bjohnson-l42if_firmwarebla-al00bemily-al00ajohnson-tl00djohnson-l22dharry-tl00cjohnson-l22c_firmwaretony-al00bharry-al00c_firmwareprinceton-al10djohnson-tl00f_firmwarealp-al00b_firmwarejohnson-al00icjohnson-al00ic_firmwarejohnson-l21dprinceton-al10bvogue-al10ccharlotte-al00a_firmwarecolumbia-al10i_firmwarepotter-al10a_firmwarejackman-l21johnson-l21cjohnson-l42ic_firmwarealp-al00bneo-al00djohnson-l42icvogue-al00aHarry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-45773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.81%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:11
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.

Action-Not Available
Vendor-mz-automationn/a
Product-lib60870n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-7445
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.19% / 89.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.

Action-Not Available
Vendor-uclouvainn/aopenSUSE
Product-leapopenjpegn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-1999-0052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.16% / 80.19%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

Action-Not Available
Vendor-bsdin/absdiOpenBSDFreeBSD Foundation
Product-freebsdbsd_osopenbsdn/aopenbsdfreebsdbsd_os
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-44494
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 71.27%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 17:37
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.

Action-Not Available
Vendor-yottadbfisglobaln/a
Product-gt.myottadbn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-44506
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.64% / 73.77%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 17:55
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer.

Action-Not Available
Vendor-yottadbn/a
Product-gt.mn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-3995
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-28.55% / 97.92%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 21:59
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request.

Action-Not Available
Vendor-elog_projectn/aFedora Project
Product-elogfedoraELOG
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-7053
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-21.68% / 97.36%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CMS Null dereference

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

Action-Not Available
Vendor-OpenSSL
Product-opensslOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-27336
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.97%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:55
Updated-13 Aug, 2025 | 00:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability

Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20508.

Action-Not Available
Vendor-softingSoftingsofting
Product-edgeaggregatoredgeconnectorsecure_integration_serveredgeConnector Siemensedgeconnector
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-5054
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-3.13% / 86.41%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:09
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-wnr2000wnr2000_firmwareN300 WNR2000v5
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-5010
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-21.44% / 97.34%
||
7 Day CHG+0.70%
Published-31 Oct, 2019 | 20:05
Updated-04 Aug, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxopenSUSERed Hat, Inc.Python Software Foundation
Product-debian_linuxenterprise_linux_server_ausenterprise_linuxenterprise_linux_eusenterprise_linux_server_tuspythonleapPython
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-5008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.82% / 85.00%
||
7 Day CHG~0.00%
Published-19 Apr, 2019 | 18:07
Updated-04 Aug, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-44108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.89%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 01:22
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2617
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.36% / 68.53%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 05:31
Updated-27 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.

Action-Not Available
Vendor-opencvOpenCV
Product-opencvwechat_qrcode Module
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found