Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-26213

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-06 Nov, 2020 | 16:45
Updated At-04 Aug, 2024 | 15:49
Rejected At-
Credits

Denial of Service in teler

In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:06 Nov, 2020 | 16:45
Updated At:04 Aug, 2024 | 15:49
Rejected At:
▼CVE Numbering Authority (CNA)
Denial of Service in teler

In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1.

Affected Products
Vendor
kitabisa
Product
teler
Versions
Affected
  • < 0.0.1
Problem Types
TypeCWE IDDescription
CWECWE-476{"CWE-476":"NULL Pointer Dereference"}
Type: CWE
CWE ID: CWE-476
Description: {"CWE-476":"NULL Pointer Dereference"}
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf
x_refsource_CONFIRM
https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e
x_refsource_MISC
Hyperlink: https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf
x_refsource_CONFIRM
x_transferred
https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:06 Nov, 2020 | 17:15
Updated At:17 Nov, 2020 | 17:11

In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
teler_project
teler_project
>>teler>>Versions before 0.0.1(exclusive)
cpe:2.3:a:teler_project:teler:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarysecurity-advisories@github.com
CWE ID: CWE-476
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7esecurity-advisories@github.com
Patch
Third Party Advisory
https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvfsecurity-advisories@github.com
Third Party Advisory
Hyperlink: https://github.com/kitabisa/teler/commit/ec6082049dba9e44a21f35fb7b123d42ce1a1a7e
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/kitabisa/teler/security/advisories/GHSA-jhj6-5mh6-4pvf
Source: security-advisories@github.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

943Records found
CVE-2020-24369
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 68.22%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 16:06
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.

Action-Not Available
Vendor-luan/a
Product-luan/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3316
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 5.37%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 11:10
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.

A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.

Action-Not Available
Vendor-LibTIFF
Product-libtifflibtiff
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-15921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.66% / 92.74%
||
7 Day CHG~0.00%
Published-30 Oct, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.

Action-Not Available
Vendor-watchdogdevelopmentn/a
Product-anti-malwareonline_security_pron/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33089
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.53%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in WLAN Firmware

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwaresa6150p_firmwaresd865_5gipq9574qcn9000_firmwareqcn6102_firmwareqca6595qcn9022ipq6028_firmwareimmersive_home_214_platformqca8081_firmwarewcd9370qcn9001qca8072qca6696wcd9340_firmwarewcd9341_firmwareipq5028_firmwarewcd9395_firmwareqcn6024qcn9003_firmwarear9380snapdragon_sc8180xp-aa_firmwareqcc710_firmwareqcc2073_firmwareqca6426ipq8076wcn6740_firmwarefastconnect_6700qca1064_firmwareipq6018_firmwareqca9984_firmwareqcn6023sa4150pqcn5124_firmwarewsa8832_firmwareimmersive_home_216_platformqca8337qca9994_firmwareqca6426_firmwarewcd9395ipq6000snapdragon_auto_4g_modemqca6574au_firmwareipq8078aipq8078a_firmwareqam8295pwcd9341qca6574auwcd9390wsa8810_firmwarewsa8845h_firmwaresa9000p_firmwareqcn9100_firmwareqca2064_firmwareqcn5122qca6554afastconnect_6800_firmwareqcs5430qcn6024_firmwareqca9886_firmwareqcm5430qcm5430_firmwaresnapdragon_778g\+_5g_mobile_platformsa8770pqcn9000ssg2115pqcc710qcn6132_firmwareqca2062_firmwareqsm8250_firmwareqsm8350_firmwareqcn5054315_5g_iot_modem_firmwarefastconnect_6900ipq5332_firmwareqcn5052qca9980qfw7114wcd9385_firmwareqca6421315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareipq8074a_firmwareipq8076awcd9360qcn5164snapdragon_888_5g_mobile_platform_firmwaresnapdragon_ar2_gen_1_platform_firmwareqcs4490snapdragon_8_gen_1_mobile_platform_firmwareimmersive_home_3210_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155psnapdragon_sc8180x-aaqcn6100_firmwareqca6421_firmwareqca6564au_firmwarecsr8811_firmwaresnapdragon_sc8180xp-aaqca8075wsa8810qcn5021qam8650psa9000pqca8085qsm8250snapdragon_8\+_gen_2_mobile_platformqcn6100qca6595ausm7315_firmwaresa6155p_firmwarewsa8840qcs8550_firmwareqca9986_firmwaresnapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwareqcn9012snapdragon_sc8180x-adsnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070qcs4490_firmwaresnapdragon_8_gen_2_mobile_platformqcf8001snapdragon_7c\+_gen_3_compute_firmwareqca8084qca6420sdx65mwcd9370_firmwarecsrb31024snapdragon_x55_5g_modem-rf_system_firmwareqcc2076qca6574aipq9570sa8195pwcd9340snapdragon_auto_5g_modem-rf_gen_2qcm6490immersive_home_316_platform_firmwareqcn6122_firmwareqcn5154_firmwaresm8550p_firmwareimmersive_home_3210_platformqcm8550qcn5122_firmwareqcn9274qcn9024pmp8074ipq8076a_firmwaresa8775pqca6574snapdragon_x75_5g_modem-rf_systemipq9570_firmwaresxr2230p_firmwarear9380_firmwareqca2066_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011sa8775p_firmwareqcn9024_firmwarewsa8845hqca8082sa6150psa8155p_firmwaresa8155pqca8072_firmwarewsa8830snapdragon_sc8180x-acsm8550pqcf8000_firmwaresa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn9074_firmwareipq8174sc8180x\+sdx55_firmwareqcn6122sa8255p_firmwareflight_rb5_5g_platform_firmwareqcc2073ipq8174_firmwarear8035ipq8072asa6155qrb5165m_firmwareqca2065qca9985robotics_rb5_platformqcn6224ipq8071aqcn6112sc8180x\+sdx55wcn3950_firmwareqca6698aqssg2125p_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200sm7325p_firmwaresa8145p_firmwarewcd9360_firmwaresnapdragon_sc8280xp-ab_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwareqcn9002ipq8078immersive_home_326_platform_firmwareqcs6490ipq9554_firmwarefastconnect_6200_firmwaresnapdragon_sc8180xp-acqcn9072wsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832qca8082_firmwaresnapdragon_auto_4g_modem_firmwareqcc2076_firmwaresxr2130_firmwareqca6678aqar8035_firmwareqcn5022_firmwareqca9992qrb5165msnapdragon_888_5g_mobile_platformsc8380xpqca1064sa4150p_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwareipq9008ipq9554qca6564auqca9992_firmwareqca9990ipq8070ipq9008_firmwareqcn9074immersive_home_214_platform_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcn5054_firmwareqca9888ipq5332qcn9013sg8275p_firmwareipq8173qcm6490_firmwareipq8072a_firmwareipq6010_firmwareqcm4490_firmwarewcn3950flight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformqca8085_firmwaresa8295p_firmwareqca9984ipq5010_firmwareqcn9022_firmwareqca9886qcn6132csrb31024_firmwareipq6018sa8155qcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584ausd888qcn6274_firmwareqcn9011_firmwarewcn6740sc8380xp_firmwareipq8065fastconnect_6800qfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareqcn9001_firmwareimmersive_home_216_platform_firmwaresnapdragon_782g_mobile_platform_firmwareipq8070afastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_sc8280xp-absa8150pqcn9003qca8075_firmwaresnapdragon_778g_5g_mobile_platformqcf8000qcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca2064sxr1230psnapdragon_865\+_5g_mobile_platformqca2065_firmwaresnapdragon_sc8180x-ad_firmwaresdx65m_firmwarevideo_collaboration_vc3_platformipq6010aqt1000snapdragon_sc8180xp-ad_firmwaresnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqam8295p_firmwareqca6431_firmwaresm7315qca6698aq_firmwarewcd9385qca9994qsm8350qca8084_firmwaresa8255psxr1230p_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareqcn5024snapdragon_865\+_5g_mobile_platform_firmwareqca6430sg8275psdx55_firmwareipq8071a_firmwaresnapdragon_auto_5g_modem-rfssg2125pqca6554a_firmwaresnapdragon_sc8180x-ac_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_xr2\+_gen_1_platformimmersive_home_326_platformsm7325pqam8650p_firmwareqcn9013_firmwareqca2062qca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwarewcn3980_firmwareqca6584au_firmwareqrb5165n_firmwareqca6436snapdragon_sc8180x-aa_firmwareqcn5152_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqcn6274qfw7124qca6595au_firmwareqca0000snapdragon_sc8180xp-ac_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_782g_mobile_platformipq8068qca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqcn5124qam8775pipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwaresdx55qcn9072_firmwareqca9888_firmwareipq8074aimmersive_home_318_platformqca9889qca1062qcn5024_firmwareqcn9002_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca8386ipq5010qca6391qcn9274_firmwaresnapdragon_sc8180xp-adsnapdragon_778g_5g_mobile_platform_firmwareqcs5430_firmwareipq8173_firmwareqcn9012_firmwaresa8770p_firmwaresa8295psnapdragon_8_gen_2_mobile_platform_firmwarerobotics_rb5_platform_firmwareqcs8550ipq8068_firmwareipq6000_firmwarefastconnect_7800qam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375ipq8078_firmwareqca9889_firmwareipq8070_firmwaresa8145pqcn5154immersive_home_316_platformsnapdragon_888\+_5g_mobile_platform_firmwareqca2066wsa8835_firmwaressg2115p_firmwarecsr8811qcn5022snapdragon_x75_5g_modem-rf_system_firmwarewcn3980Snapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-23526
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.70%
||
7 Day CHG~0.00%
Published-15 Dec, 2022 | 00:43
Updated-18 Apr, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Helm contains Denial of service through schema file

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.

Action-Not Available
Vendor-helmhelm
Product-helmhelm
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 21:27
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 21:27
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DescriptorListWriter::Action component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5597
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.66%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 08:05
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-got2000_gt27got2000_gt23coreosgot2000_gt25GOT2000 series GT27, GT25, and GT23
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-23016
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.87%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-2337
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.09% / 77.56%
||
7 Day CHG~0.00%
Published-17 Aug, 2022 | 20:18
Updated-16 Apr, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Softing Secure Integration Server NULL Pointer Dereference

A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.

Action-Not Available
Vendor-softingSofting
Product-edgeconnectorsecure_integration_serveropc_ua_c\+\+_software_development_kitopcuagatesedgeaggregatorSecure Integration Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:25
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).

Action-Not Available
Vendor-science-minern/a
Product-pdf2xmln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32248
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.42%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tree connection null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410sh410ch300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23879
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:25
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.

Action-Not Available
Vendor-flowpapern/a
Product-pdf2jsonn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.09%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 16:45
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8723dertl8723de_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33056
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.64%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer dereference in WLAN Firmware

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqam8255p_firmwarewsa8830qcn9070sxr2230p_firmwareqca8337qam8650pqfw7124ipq8173_firmwarewcn785x-5qam8775pqcf8001qcn6224_firmwareqcn5124qca4024_firmwareqca8082qcn9072qca8386wsa8840immersive_home_318_platform_firmwareipq8078aipq5028_firmwareqca6595au_firmwareipq6000ssg2115pqcn5152_firmwareqca0000_firmwareqca6584au_firmwarewcn685x-1qcn9000_firmwaresnapdragon_8_gen_2_mobile_platformipq9554qca6554a_firmwarewcd9385_firmwareimmersive_home_216_platformipq8076aimmersive_home_316_platformimmersive_home_316_platform_firmwareqca8386_firmwareqcn6024_firmwareqca8084_firmwareimmersive_home_318_platformipq8074aqcn5124_firmwareqca8082_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwareqfw7114wsa8845h_firmwareipq5010qca6564au_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareipq8078a_firmwareqcn9274ipq8174ipq5028wsa8840_firmwareqca6698aqqcn5052qca0000qcf8001_firmwareipq6010qcs8550_firmwaresc8380xp_firmwareqcn6112_firmwareqcn9074qca8085sdx65mwcd9340qcn6132qcn6224qcn9013wsa8845hsnapdragon_ar2_gen_1_platform_firmwaresnapdragon_x75_5g_modem-rf_systemwcd9395_firmwareqca8081qcf8000qca6698aq_firmwareipq8071aqcn6023sdx65m_firmwareipq8071a_firmwarewcn685x-1_firmwareimmersive_home_3210_platformqca8085_firmwareqam8775p_firmwareqca9888_firmwareqcn6122wcd9385qca6696_firmwareipq9008_firmwareipq9570qcn5154_firmwareqca6797aqar8035csr8811wcd9390qcc710_firmwareqcn9100_firmwarewsa8830_firmwareipq5010_firmwareipq8074a_firmwarewsa8835_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn785x-1qca8337_firmwarewcd9380_firmwaressg2125pqcn9000ipq8072aqcf8000_firmwareqca6554aipq8076a_firmwareqca6595ipq8078qca6564auqca8084ipq8173qcm8550ipq9008qcn9012qcn5164immersive_home_326_platform_firmwareqcn6122_firmwareqca6574sxr1230p_firmwarewsa8835snapdragon_8\+_gen_2_mobile_platform_firmwarecsr8811_firmwareqcn6274wcd9380ipq9554_firmwareqcn5154qca8075_firmwaressg2125p_firmwareqca6574aqcn5024wcn685x-5_firmwareqca9889qcn6132_firmwaresxr1230pqca9888qcn9012_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqfw7114_firmwarewsa8845qcc2073_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwarewcd9340_firmwareqcn6112sxr2230pipq8076wsa8845_firmwareqca6574a_firmwareqcn5152ipq6028sc8380xpqcn9024ipq9574_firmwarewcn785x-5_firmwareimmersive_home_3210_platform_firmwareqcn9100qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemipq8078_firmwareipq9570_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8832_firmwarewcn685x-5ipq6028_firmwareipq8072a_firmwareqca6797aq_firmwarewcn785x-1_firmwareqca6574auqca9889_firmwareipq9574qcn5122qcn9024_firmwareipq8174_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8832ipq5332_firmwareipq5332sm8550pimmersive_home_326_platformsnapdragon_ar2_gen_1_platformipq6018qcn5022qcn9013_firmwareqam8650p_firmwareqcc710ipq6010_firmwareimmersive_home_214_platformqca6595_firmwarewcd9395qca6696qcs8550immersive_home_214_platform_firmwareqca4024sm8550p_firmwaresdx55qca8075qcn9022_firmwarewcd9390_firmwareqcn6024qcn9022qcc2076ipq8070aqcn9072_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwareqfw7124_firmwareqam8255pqcc2073ar8035_firmwareSnapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-1971
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.33% / 55.47%
||
7 Day CHG-0.02%
Published-08 Dec, 2020 | 15:30
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EDIPARTYNAME NULL pointer dereference

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

Action-Not Available
Vendor-Fedora ProjectOracle CorporationTenable, Inc.Debian GNU/LinuxSiemens AGNode.js (OpenJS Foundation)OpenSSLNetApp, Inc.
Product-communications_unified_session_managerpeoplesoft_enterprise_peopletoolsopensslcommunications_cloud_native_core_network_function_cloud_native_environmenthci_storage_nodebusiness_intelligenceef600asantricity_smi-s_providerhci_compute_nodenode.jssnapcentersinec_infrastructure_network_servicesef600a_firmwaremanageability_software_development_kitessbasegraalvmdata_ontaphci_management_nodefedorae-series_santricity_os_controlleraff_a250nessus_network_monitorenterprise_manager_ops_centercommunications_session_border_controllerenterprise_communications_brokerapi_gatewaycommunications_session_routeroncommand_insightjd_edwards_world_securityenterprise_manager_for_storage_managementactive_iq_unified_managerlog_correlation_engineoncommand_workflow_automationsolidfireenterprise_session_border_controllermysqlcommunications_diameter_intelligence_hubhttp_serverdebian_linuxplug-in_for_symantec_netbackupcommunications_subscriber-aware_load_balancerclustered_data_ontap_antivirus_connectorjd_edwards_enterpriseone_toolsenterprise_manager_base_platformaff_a250_firmwaremysql_serverOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1752
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-22.71% / 95.73%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Fedora ProjectThe Apache Software FoundationApple Inc.
Product-ubuntu_linuxfedoradebian_linuxmac_os_xsubversionn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-38604
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 15:43
Updated-30 May, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

Action-Not Available
Vendor-n/aOracle CorporationFedora ProjectGNU
Product-communications_cloud_native_core_security_edge_protection_proxyenterprise_operations_monitorfedoracommunications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_network_function_cloud_native_environmentglibccommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-19752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.47%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 19:42
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.

Action-Not Available
Vendor-lcdfn/aFedora Project
Product-fedoragifsiclen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33109
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.64%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in WLAN Firmware

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd865_5gqca6595snapdragon_xr1_platformipq6028_firmwareimmersive_home_214_platformqca8081_firmwareqcn9001snapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcn6024ar9380qcc710_firmwareqca6426fastconnect_6700snapdragon_768g_5g_mobile_platform_firmwaresa4150pqcn5124_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395qcn7605snapdragon_460_mobile_platformqca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqcn7606_firmwareipq8078a_firmwareqam8295pwcd9341wsa8810_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_8cx_gen_2_5g_compute_platformqca2064_firmwaresnapdragon_835_mobile_pc_platform_firmwarefastconnect_6800_firmwaresd835_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformqcn9000snapdragon_8cx_compute_platform_firmwareqca2062_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwareqsm8250_firmwareqsm8350_firmwaresnapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformwcd9385_firmwareqca6421qca6310ipq8074a_firmwareipq8076awcd9360snapdragon_ar2_gen_1_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_7c_compute_platformimmersive_home_3210_platform_firmwaresnapdragon_685_4g_mobile_platformsa6155pqca6564au_firmwaresnapdragon_768g_5g_mobile_platformqca8075qam8650pvideo_collaboration_vc5_platform_firmwaresa6155p_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_7c_compute_platform_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwareqca8084sm4125_firmwareqca6420snapdragon_7c_gen_2_compute_platform_firmwarewcn3910csrb31024snapdragon_845_mobile_platformsnapdragon_x55_5g_modem-rf_system_firmwareqcc2076snapdragon_660_mobile_platformqca6574aqca9898_firmwarewcd9340qcs8250_firmwareqcm2290qcn6122_firmwareqcn5154_firmwareipq8074sm8550p_firmwareqcm8550wcn3988qcn5122_firmwareqcn9024pmp8074snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsnapdragon_8cx_compute_platformqca2066_firmwareqca8082qcs410qcm2290_firmwaresa8155pqca8072_firmwarewsa8830sm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn6122sa8255p_firmwareqcc2073qrb5165m_firmwaresnapdragon_678_mobile_platform_firmwareqca9985ipq8071aqcn6112wcn3950_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200snapdragon_710_mobile_platformsm7325p_firmwaresd460snapdragon_730g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_firmwarewcd9360_firmwaresmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformvideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwareimmersive_home_326_platform_firmwareqca6438_firmwaresnapdragon_750g_5g_mobile_platformqcn9072qcn6224_firmwareipq4028_firmwareqca6431sd660_firmwareqca8082_firmwaresxr2130_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwareqrb5165msnapdragon_888_5g_mobile_platformqca1064qca6320snapdragon_w5\+_gen_1_wearable_platform_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqcs6125_firmwareqca9992_firmwareqca6428qca9990ipq8070ipq9008_firmwareqcn9074wsa8815_firmwareqca8337_firmwareipq8173snapdragon_8c_compute_platformsm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_765g_5g_mobile_platform_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwareqca9984ipq5010_firmwareqcn9022_firmwaresnapdragon_720g_mobile_platformsm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresnapdragon_845_mobile_platform_firmwaresd888sd460_firmwaresnapdragon_4_gen_2_mobile_platformipq8069ipq8065qca6310_firmwarefastconnect_6800qcs7230snapdragon_685_4g_mobile_platform_firmwarewcd9371qcn9001_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwareqca8075_firmwarevision_intelligence_300_platform_firmwaresnapdragon_835_mobile_pc_platformsnapdragon_865\+_5g_mobile_platformqca2065_firmwaresdx65m_firmwarevideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqca6431_firmwareqca6698aq_firmwareqcs2290qcn7606qcs2290_firmwarewcn3999_firmwareqca8084_firmwareqcn7605_firmwaresnapdragon_678_mobile_platformsa8255pqcs7230_firmwaresnapdragon_720g_mobile_platform_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwareqcn5024snapdragon_690_5g_mobile_platformqca6430snapdragon_auto_5g_modem-rfssg2125pcsra6640_firmwareimmersive_home_326_platformqcn9013_firmwareqam8650p_firmwarevideo_collaboration_vc5_platformqca2062qca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwaresnapdragon_732g_mobile_platformipq8068qcs4290_firmwaresnapdragon_865_5g_mobile_platformcsra6620qca8081sd660wsa8815qam8775pqcm4325_firmwareipq8069_firmwareqcm4290_firmwareqca9888_firmwareqca9889qca1062qcn5024_firmwareqcn9002_firmwareipq5010qcn9274_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_670_mobile_platformcsra6620_firmwareqcs8550ipq8068_firmwareqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375qca9889_firmwaresa8145psd_675immersive_home_316_platformsnapdragon_888\+_5g_mobile_platform_firmwareqca2066csr8811qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresw5100psxr1120ipq9574qcn9000_firmwareqcn6102_firmwarevision_intelligence_300_platformqcn9022qcs610_firmwarewcd9335wcd9370qca8072qca6696wcd9341_firmwareqcn9003_firmwareqcc2073_firmwareipq8076wcn6740_firmwareqca1064_firmwareipq6018_firmwareqca9984_firmwareqcn6023immersive_home_216_platformqca9994_firmwareipq6000snapdragon_auto_4g_modemipq8078aqca6574auwcd9390csra6640qcn9100_firmwareqcn5122sd730snapdragon_730g_mobile_platform_firmwareqca6554aqcn6024_firmwareqca9886_firmwaresnapdragon_695_5g_mobile_platformqcm6125_firmwaressg2115pqcc710snapdragon_850_mobile_compute_platformqcn6132_firmwaresxr1120_firmwareqcn5054robotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900ipq5332_firmwareqcn5052qca9980qfw7114315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareqcn5164snapdragon_888_5g_mobile_platform_firmwareqca6335qcs4490snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qcn6100_firmwareqca6421_firmwareqcm6125csr8811_firmwarewsa8810qcn5021qca8085qsm8250snapdragon_8\+_gen_2_mobile_platformqcn6100qca6595ausm7315_firmwarewcd9326_firmwarewsa8840qcs8550_firmwareqca9986_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwareqcf8001wcn3910_firmwaresnapdragon_855\+\/860_mobile_platform_firmwaresdx65mwcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwareipq9570sa8195pqca6335_firmwareqcm6490immersive_home_316_platform_firmwareimmersive_home_3210_platformqcn9274ipq8076a_firmwareipq9570_firmwaresxr2230p_firmwarear9380_firmwaresd675_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformipq4029_firmwareqcn9011qcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformwsa8845hsa6150pwcd9326sa8155p_firmwaresnapdragon_675_mobile_platformsnapdragon_662_mobile_platformqcn9074_firmwarevision_intelligence_400_platform_firmwareipq8174sc8180x\+sdx55_firmwaresnapdragon_765_5g_mobile_platformflight_rb5_5g_platform_firmwareipq8174_firmwaresnapdragon_665_mobile_platformar8035ipq8072asa6155qca2065qcm4325robotics_rb5_platformqcn6224sc8180x\+sdx55qca6698aqsnapdragon_7c_gen_2_compute_platformsm6250ssg2125p_firmwaresnapdragon_8c_compute_platform_firmwaresd670sa8145p_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarewcn3990qca6428_firmwareqcn9002ipq8078snapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250ipq9554_firmwaresnapdragon_712_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqca6678aq_firmwareqca8386_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqcc2076_firmwareqca6678aqsnapdragon_675_mobile_platform_firmwareqcn5022_firmwareqca9992sa4150p_firmwareqca9898ipq9008ipq9554qca6564ausm6250p_firmwareimmersive_home_214_platform_firmwaresa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332snapdragon_680_4g_mobile_platformqcn9013ar8031qcm6490_firmwareipq8072a_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformrobotics_rb3_platform_firmwareflight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwareqcs6125snapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwareqca8085_firmwareqca9886qcn6132sm6250_firmwareqcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareimmersive_home_216_platform_firmwareipq8070awcd9380ipq4028qam8255psa6145p_firmwaresa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_4_gen_1_mobile_platformsa8150pqcn9003snapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwareqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca2064sxr1230psd662_firmwareipq6010sw5100aqt1000qam8295p_firmwaresd855wcn3990_firmwaresm7315wcd9385qca9994qsm8350sd662qcs4290sxr1230p_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareipq4018snapdragon_865\+_5g_mobile_platform_firmwaresm6250psdx55_firmwareipq8071a_firmwareqca6438qca6554a_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_xr2\+_gen_1_platformipq4029sm7325psnapdragon_855_mobile_platform_firmwareaqt1000_firmwareipq4018_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124ipq8074_firmwareqca6595au_firmwareqca0000sw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_782g_mobile_platformqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwareqca6797aqqcn5152ipq8065_firmwarevision_intelligence_400_platformqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_480\+_5g_mobile_platformipq8074aimmersive_home_318_platformsd675sd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391ipq8173_firmwareqcn9012_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_xr1_platform_firmwarerobotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareipq6000_firmwarefastconnect_7800ipq8078_firmwarewcn3988_firmwareipq8070_firmwareqcn5154sd_8cxwsa8835_firmwaressg2115p_firmwareqcn5022snapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.06% / 83.59%
||
7 Day CHG~0.00%
Published-15 Apr, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32252
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.09%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-27 Aug, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Session null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410s_firmwareh700s_firmwareh300s_firmwareh500s_firmwareh410c_firmwareh410sh410ch300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-1967
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-64.69% / 98.41%
||
7 Day CHG-2.62%
Published-21 Apr, 2020 | 13:45
Updated-17 Sep, 2024 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segmentation fault in SSL_check_chain

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Action-Not Available
Vendor-jdedwardsFreeBSD FoundationFedora ProjectOracle CorporationTenable, Inc.Broadcom Inc.Debian GNU/LinuxopenSUSEOpenSSLNetApp, Inc.
Product-freebsdjd_edwards_world_securitypeoplesoft_enterprise_peopletoolsenterprise_manager_for_storage_managementopenssle-series_performance_analyzeractive_iq_unified_managerlog_correlation_enginemysql_connectorsleaponcommand_workflow_automationmysql_workbenchsnapcentersteelstore_cloud_integrated_storagehttp_servermysqldebian_linuxsmi-s_providermysql_enterprise_monitorfedoraenterpriseoneapplication_serverfabric_operating_systementerprise_manager_ops_centerenterprise_manager_base_platformoncommand_insightOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-36622
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 70.13%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 20:04
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-18395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.31%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 20:36
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.

Action-Not Available
Vendor-n/aGNU
Product-gaman/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 66.22%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 18:16
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-38567
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.10%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 21:15
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-pdf_readerpdf_editorn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2005-2459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.31% / 89.82%
||
7 Day CHG~0.00%
Published-22 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-5304
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.38% / 87.13%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 19:35
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

Action-Not Available
Vendor-libvncserver_projectn/aFedora Project
Product-libvncserverfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32084
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.88% / 89.36%
||
7 Day CHG-0.85%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP.sys Denial of Service Vulnerability

HTTP.sys Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_11_22h2windows_11_21h2windows_server_2022windows_server_2019Windows Server 2022Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-15267
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.70%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.

Action-Not Available
Vendor-n/aGNU
Product-libextractorn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-4816
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 78.46%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 13:44
Updated-07 Aug, 2024 | 04:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdFreeBSD and OpenBSD ftpd service
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-36764
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.31%
||
7 Day CHG-0.09%
Published-04 Aug, 2021 | 13:35
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-gatewayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-1730
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 22.70%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 00:00
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Action-Not Available
Vendor-libsshRed Hat, Inc.NetApp, Inc.Canonical Ltd.Oracle CorporationFedora Project
Product-ubuntu_linuxcloud_backupfedoraenterprise_linuxlibsshmysql_workbenchlibssh
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-4576
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.19% / 84.07%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_oschromen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-1415
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.59% / 81.33%
||
7 Day CHG~0.00%
Published-03 Mar, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)openSUSE
Product-kerberos_5opensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-39130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.80%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp.

Action-Not Available
Vendor-n/awangf1978
Product-n/adumpts
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-16117
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.45% / 63.35%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 17:59
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

Action-Not Available
Vendor-n/aThe GNOME ProjectDebian GNU/Linux
Product-evolution-data-serverdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-37083
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.90%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 16:04
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a NULL Pointer Dereference vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Denial of Service Attacks.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-30756
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.40% / 60.27%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:33
Updated-10 Sep, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference. This could allow a remote attacker with no privileges to cause a denial of service condition in the system.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC CP 1243-7 LTESIMATIC WinCC Runtime AdvancedTIM 1531 IRCSIMATIC CP 1242-7 V2 (incl. SIPLUS variants)SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)SIMATIC HMI Comfort Panels (incl. SIPLUS variants)SIMATIC CP 1243-8 IRCSIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)SIMATIC IPC DiagBaseSIMATIC CP 1243-1 (incl. SIPLUS variants)SIMATIC IPC DiagMonitorSIPLUS TIM 1531 IRC
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29984
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.95%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 00:00
Updated-08 Nov, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.

Action-Not Available
Vendor-toshibatecfujifilmn/atoshibafujifilmBrother Industries, Ltd.
Product-mfc-j895dwdcp-t510w\(china\)dcp-l2520dwrdcp-j972nmfc-j5520dwdcp-1617nwdocuprint_p265_dw_firmwaremfc-j5820dndcp-1612we_firmwaremfc-j497dwdcp-j973n-b_firmwaremfc-j898nmfc-j830d\(w\)n_firmwaremfc-j5335dwmfc-l2740dwr_firmwaremfc-j2320mfc-1910wehl-1222wemfc-j895dw_firmwaremfc-j898n_firmwaredcp-l2540dnr_firmwaremfc-j907d\(w\)n_firmwarehl-1218w_firmwaredocuprint_p118_wmfc-l2705dwmfc-j893n_firmwarehl-l2340dwr_firmwaredocuprint_m268_z_firmwaremfc-1911nwhl-l2360dnrdcp-l2560dw_firmwaredcp-1623wr_firmwaremfc-l2740dw\(japan\)mfc-j5620cdwdcp-l8410cdw_firmwaredcp-j587nmfc-j5520dw_firmwaremfc-j4320dwhl-2560dndcp-j981n_firmwaredocuprint_m115_zdocuprint_m115_w_firmwaremfc-j4720n_firmwaremfc-j998dn_firmwaredcp-j963n-bhl-l8260cdndcp-j4220n-bdocuprint_m118_zmfc-j5720cdw\(japan\)_firmwaredcp-l2560dwrhl-l2315dwmfc-l2685dwdocuprint_m115_fw_firmwaredcp-j982n-bmfc-j997d\(w\)nmfc-j903n_firmwaredcp-1612wvb_firmwaremfc-1912wr_firmwaremfc-j893nmfc-l2720dw_firmwaremfc-j5620dwdcp-j587n_firmwaremfc-l9570cdw_firmwaredcp-l2540dw\(japan\)hl-1211w_firmwaredcp-j762ndcp-j572dwdcp-j577ndcp-j582n_firmwaredocuprint_p268_ddcp-j973n-wmfc-l2720dwr_firmwaredocuprint_m115_z_firmwaremfc-j998dwn_firmwaremfc-l2707dwdcp-l2520dw_firmwarehl-l2340dwdcp-j4220n-w_firmwaremfc-t810wmfc-j837d\(w\)n_firmwarehl-1222we_firmwaremfc-j2330dw_firmwaremfc-l9570cdwfax-l2700dn_firmwaredcp-j978n-b_firmwaredocuprint_p118_w_firmwaredocuprint_m225_dw_firmwaredcp-t710w_firmwaredcp-1612wr_firmwaremfc-l8610cdw\(japan\)mfc-j6995cdwmfc-j2320_firmwaredcp-1610wvbmfc-j5730dwdcp-t510whl-l2365dwmfc-j6983cdwdocuprint_p225_d_firmwaredcp-j982n-b_firmwaremfc-l2705dw_firmwaredcp-j978n-wmfc-1910wmfc-1916nwmfc-j6583cdwdcp-l2560dwr_firmwaremfc-l2720dn_firmwaremfc-j900d\(w\)n_firmwaremfc-j880n_firmwarehl-l8360cdwtmfc-1911whl-1223wrdcp-l2541dw_firmwaredocuprint_m268_dw_firmwaremfc-j6535dwmfc-l2701dwdocuprint_m225_z_firmwaredcp-j982n-w_firmwaredocuprint_m225_dwdcp-j4225n-bmfc-l2701dw_firmwaremfc-j2720mfc-j485dwhl-1210wvb_firmwarehl-l9310cdwmfc-1915w_firmwaremfc-l2680w_firmwaredcp-j968n-wmfc-j5920dwhl-1212w_firmwaremfc-j737d\(w\)n_firmwaremfc-l8610cdwdcp-j983nmfc-j5730dw_firmwaremfc-j985dwmfc-l8900cdwmfc-l2685dw_firmwaremfc-j738dwndcp-j772dwmfc-j680dwmfc-j738dn_firmwaredcp-1610wvb_firmwaremfc-j5320dw_firmwaredcp-j972n_firmwaredcp-1618wdcp-j772dw_firmwaredcp-t510w_firmwaredocuprint_p225_dhl-l8360cdwt_firmwaredcp-j4120dwmfc-t810w\(china\)_firmwaremfc-j5625dw_firmwaredcp-j978n-w_firmwaredcp-1610wemfc-l8900cdw_firmwaredcp-l2540dnhl-l8360cdw_firmwaremfc-j5630cdw_firmwaredcp-j973n-bdcp-l8410cdwdcp-1616nwhl-1223wr_firmwarehl-1212wvbhl-1210wvbdcp-j982n-wmfc-j900d\(w\)nmfc-j5930dwhl-l2366dw_firmwarehl-1210wr_firmwaredcp-j962n_firmwaredcp-j963n-w_firmwarehl-l2361dn_firmwaree-studio_302dnfmfc-l9577cdwdcp-1612wrmfc-j5720dw_firmwaremfc-l2720dwrmfc-j6583cdw_firmwaredcp-1610wr_firmwaredcp-1610we_firmwaremfc-l9570cdw\(japan\)mfc-j680dw_firmwaremfc-j491dw_firmwaremfc-j775dwdocuprint_p115_w_firmwarehl-l8360cdwmfc-j491dwmfc-1912wrmfc-j5820dn_firmwaredcp-j978n-bmfc-l2703dw_firmwaredcp-j968n-b_firmwaremfc-j3930dwmfc-j4725n_firmwaremfc-j3930dw_firmwaredcp-1610wrmfc-l2740dw_firmwarehl-1223we_firmwaremfc-j5830dwmfc-j3530dwmfc-j6580cdwmfc-j6930dw_firmwaredcp-j987n-b_firmwarehl-1210w_firmwaredcp-j987n-wdcp-l2540dwdocuprint_m118_z_firmwaremfc-t910dw_firmwaredcp-j968n-w_firmwaredcp-l2540dw\(japan\)_firmwaredcp-j963n-whl-l2340dw_firmwaremfc-j6930dwdcp-1610w_firmwaredcp-l2560dwhl-l2365dw_firmwaredcp-j562dwmfc-j998dnmfc-l2700dwdcp-j983n_firmwaredcp-j785dwdcp-j572ndcp-l2520dwdcp-1616nw_firmwarehl-l2360dndocuprint_p115_wmfc-l2700dw_firmwarehl-1218wdcp-j562dw_firmwaredocuprint_m268_dwmfc-j480dwmfc-j5620cdw_firmwaremfc-j4620dwdcp-j987n-bdcp-j4225n-w_firmwaremfc-j5625dwdcp-t710w\(china\)_firmwaredcp-j562n_firmwaremfc-j990d\(w\)ndcp-1623wrhl-1212we_firmwaremfc-1916nw_firmwaredcp-l2520dwr_firmwaremfc-j6730dw_firmwaredocuprint_m265_zdcp-1618w_firmwaredcp-t710wmfc-j885dwhl-l2315dw_firmwaremfc-l2740dw\(japan\)_firmwaredcp-l2541dwhl-l2365dwrhl-l9310cdw_firmwaremfc-j6530dwdcp-1615nwdcp-7180dn_firmwaredcp-j4225n-b_firmwaredcp-j963n-b_firmwaremfc-j880nhl-l2365dwr_firmwarefax-l2700dndcp-j4220n-wdocuprint_m115_fwmfc-j990d\(w\)n_firmwarehl-1210wrmfc-l2680wmfc-j460dwhl-l2360dw_firmwaredocuprint_m265_z_firmwaredcp-1610wdcp-j567n_firmwaremfc-j2730dw_firmwaremfc-j480dw_firmwaremfc-j5330dwhl-1210wehl-l2305wdcp-j767n_firmwaremfc-j2720_firmwaredcp-l2540dn_firmwarehl-2560dn_firmwaremfc-j3530dw_firmwaredcp-1615nw_firmwaremfc-j5830dw_firmwarehl-l8260cdn_firmwaremfc-j5335dw_firmwaremfc-j887ndocuprint_p265_dwdcp-j4220n-b_firmwaremfc-j5720dwdcp-1617nw_firmwarehl-l2340dwrdcp-1612wmfc-j6983cdw_firmwaredcp-j582nmfc-1911nw_firmwarehl-1210we-studio_301dndcp-j567nhl-l2305w_firmwaremfc-j830d\(w\)ndocuprint_m268_zdcp-1612wedcp-j968n-bhl-1210we_firmwaremfc-j6980cdw_firmwaremfc-j6535dw_firmwaremfc-j890dwdocuprint_m118_w_firmwaredcp-j774dwdcp-t510w\(china\)_firmwaremfc-1910w_firmwaremfc-j2730dwmfc-j5320dwmfc-1910we_firmwaremfc-j997d\(w\)n_firmwarehl-l2360dn_firmwaremfc-j998dwndcp-j572n_firmwaredocuprint_m225_zmfc-7880dn_firmwaremfc-j890dw_firmwaremfc-j5330dw_firmwaredcp-j973n-w_firmwaremfc-j6995cdw_firmwaremfc-j738dwn_firmwaredcp-j987n-w_firmwarehl-l2380dwhl-1212wvb_firmwaremfc-j4320dw_firmwaredcp-j785dw_firmwaremfc-l2703dwmfc-l8610cdw\(japan\)_firmwaredcp-1612wvbdcp-l2540dw_firmwaremfc-1915wmfc-l8690cdw_firmwaredcp-t710w\(china\)mfc-l9577cdw_firmwaremfc-j730d\(w\)nmfc-l2720dnmfc-j737d\(w\)ne-studio_302dnf_firmwarehl-1212wdcp-j762n_firmwaredcp-j4225n-wdocuprint_p268_d_firmwaremfc-j885dw_firmwaremfc-j903nmfc-1919nwmfc-t810w_firmwarehl-l8260cdwmfc-l2700dndocuprint_m118_wdcp-j767nmfc-j4620dw_firmwaremfc-l2700dn_firmwaremfc-j5620dw_firmwaree-studio_301dn_firmwaredcp-1612w_firmwarehl-1211wmfc-j4420dwmfc-j460dw_firmwaredcp-j962nmfc-1911w_firmwaremfc-l2707dw_firmwaremfc-l8690cdwdcp-l2540dnrdcp-j577n_firmwaremfc-j497dw_firmwaremfc-l9570cdw\(japan\)_firmwaremfc-j880dw_firmwarehl-l2360dnr_firmwaredcp-j572dw_firmwaremfc-j5720cdw\(japan\)mfc-j985dw_firmwaremfc-j6730dwmfc-j4720ndcp-j4120dw_firmwaremfc-j5630cdwmfc-j775dw_firmwarehl-1212wr_firmwaremfc-l2740dwrdcp-1622wedcp-j562nmfc-j4725nmfc-l2740dwmfc-t910dwmfc-j837d\(w\)nmfc-j730d\(w\)n_firmwaredocuprint_p268_dwmfc-j880dwmfc-j907d\(w\)nmfc-j6935dw_firmwaremfc-j485dw_firmwaremfc-l2700dnrmfc-j6530dw_firmwaremfc-j5920dw_firmwarehl-1212wemfc-l2700dnr_firmwarehl-l2361dnhl-l2366dwmfc-j4420dw_firmwaredcp-1622we_firmwaremfc-j6935dwdcp-j774dw_firmwaremfc-j4625dw_firmwarehl-l8260cdw_firmwaredocuprint_m115_wmfc-j6980cdwdcp-j981nmfc-t810w\(china\)mfc-j738dnmfc-l2700dwr_firmwaredocuprint_p268_dw_firmwaremfc-j5930dw_firmwaredcp-1623wemfc-j690dw_firmwaremfc-j4625dwmfc-l2720dwmfc-l2700dwrdcp-7180dndcp-1623we_firmwaremfc-j2330dwmfc-l8610cdw_firmwaremfc-j690dwmfc-7880dnhl-l2360dwhl-l2380dw_firmwarehl-1223wemfc-1919nw_firmwaremfc-j6580cdw_firmwaremfc-j887n_firmwarehl-1212wrn/adocuprint_p115_wmfc-j960dwn_firmwaree-studio_301dn_302dnf
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-8495
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.5||HIGH
EPSS-6.51% / 90.91%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 16:04
Updated-17 Jan, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

Action-Not Available
Vendor-Ivanti Software
Product-connect_securepolicy_securePolicy SecureConnect Securepolicy_secureconnect_secure
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2953
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.61%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-10 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Action-Not Available
Vendor-openldapn/aRed Hat, Inc.Apple Inc.NetApp, Inc.
Product-h300smacosh500s_firmwareh410s_firmwareh700s_firmwareh410sh700sh410c_firmwareontap_toolsactive_iq_unified_managerenterprise_linuxh500sh410ch300s_firmwareclustered_data_ontapopenldapopenldap
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-2488
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.31% / 79.49%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 19:48
Updated-07 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.

Action-Not Available
Vendor-zncznc
Product-zncznc
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 13:48
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.

Action-Not Available
Vendor-embedthisn/a
Product-appwebn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15191
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.62%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:41
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undefined behavior in Tensorflow

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-252
Unchecked Return Value
CVE-2017-15286
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.96%
||
7 Day CHG~0.00%
Published-12 Oct, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.

Action-Not Available
Vendor-sqliten/a
Product-sqliten/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-36146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.08%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 21:24
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-acrnn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-28625
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.15%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 13:19
Updated-10 Apr, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.

Action-Not Available
Vendor-openidcOpenIDC
Product-mod_auth_openidcmod_auth_openidc
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15204
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.46%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:46
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault in Tensorflow

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found