Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-29296

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-10 Aug, 2021 | 19:52
Updated At-03 Aug, 2024 | 22:02
Rejected At-
Credits

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:10 Aug, 2021 | 19:52
Updated At:03 Aug, 2024 | 22:02
Rejected At:
▼CVE Numbering Authority (CNA)

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dlink.com/en/security-bulletin/
x_refsource_MISC
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212
x_refsource_MISC
Hyperlink: https://www.dlink.com/en/security-bulletin/
Resource:
x_refsource_MISC
Hyperlink: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
D-Link Corporationd-link
Product
dir-825
CPEs
  • cpe:2.3:h:d-link:dir-825:2.10b02:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.10b02
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dlink.com/en/security-bulletin/
x_refsource_MISC
x_transferred
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212
x_refsource_MISC
x_transferred
Hyperlink: https://www.dlink.com/en/security-bulletin/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Aug, 2021 | 20:15
Updated At:03 Aug, 2024 | 22:15

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
D-Link Corporation
dlink
>>dir-825_firmware>>2.10b02
cpe:2.3:o:dlink:dir-825_firmware:2.10b02:*:*:*:*:*:*:*
D-Link Corporation
dlink
>>dir-825>>-
cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212cve@mitre.org
Vendor Advisory
https://www.dlink.com/en/security-bulletin/cve@mitre.org
Vendor Advisory
Hyperlink: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10212
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.dlink.com/en/security-bulletin/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

910Records found
CVE-2016-10210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.65%
||
7 Day CHG~0.00%
Published-03 Apr, 2017 | 05:44
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.

Action-Not Available
Vendor-virustotaln/a
Product-yaran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24847
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer Dereference in Modem

Transient DOS in Modem while allocating DSM items.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresnapdragon_x20_lte_modemsd865_5gsnapdragon_xr1_platformipq6028_firmwareimmersive_home_214_platformqca8081_firmwaresm7250-absnapdragon_x50_5g_modem-rf_systemwcd9340_firmwarewcd9395_firmwareqcn6024qcc710_firmwareqca6426sc8180x-abfastconnect_6700qcn5124_firmwaresm7325-ae_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395qcn7605snapdragon_460_mobile_platformqca6574au_firmwareqcn7606_firmwareipq8078a_firmwarewcd9341snapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_835_mobile_pc_platform_firmwarefastconnect_6800_firmwaresm8150-acfsm10055sd835_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresm7150-acsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwareqcn9000sm7250-aa_firmwaresnapdragon_695_5g_mobile_platform_firmwaresc8180xp-acvideo_collaboration_vc1_platformwcd9385_firmwareqca6421qca6310snapdragon_630_mobile_platformipq8074a_firmwareipq8076awcd9360snapdragon_8_gen_1_mobile_platform_firmwaresa6155psm7150-ac_firmwareqca6564au_firmwareqca8075sa6155p_firmwaresd835qca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070sc8180x-afsnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresm8250-ac_firmwareqca6420wcn3910csrb31024snapdragon_x70_modem-rf_system_firmwaresnapdragon_845_mobile_platformmdm9250_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformqca6574asm7325-aeqca6174awcd9340snapdragon_630_mobile_platform_firmwareqcm2290qdu1210sm6150-acsc8180xp-aa_firmwareqcn5154_firmwaresm8150-ac_firmwaresm8550p_firmwareqcm8550snapdragon_x20_lte_modem_firmwarewcn3988qcn5122_firmwarepmp8074qcn9024snapdragon_460_mobile_platform_firmwareqca6574sm7325-afsnapdragon_x75_5g_modem-rf_systemsdx57msc8180xp-ac_firmwareqcs410qcm2290_firmwaresa8155pqca8072_firmwarewsa8830sm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareipq8071awcn3950_firmwaresnapdragon_8_gen_1_mobile_platformsc7180-acfastconnect_6200snapdragon_710_mobile_platformsm7325p_firmwaresd460wcd9360_firmwareqdx1011smart_audio_400_platformvideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwaresnapdragon_750g_5g_mobile_platformqcn9072sm7150-aaqcn6224_firmwareqca6431sd660_firmwaresdx57m_firmwaresxr2130_firmwarear8035_firmwaresnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320qca4024_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqcs6125_firmwareipq8070qcn9074wsa8815_firmwaresm8250-abqca8337_firmwaresnapdragon_x12_lte_modem_firmwareipq8173sm8350-ac_firmwaresm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_x65_5g_modem-rf_system_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresd_675_firmwaresnapdragon_720g_mobile_platformqca9984ipq5010_firmwareqcn9022_firmwaresm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresm7150-aa_firmwaresnapdragon_845_mobile_platform_firmwaresd888fsm10055_firmwareqru1062_firmwaresd460_firmwaresnapdragon_4_gen_2_mobile_platformqru1062qca6310_firmwarefastconnect_6800sm8250-acwcd9371fastconnect_6900_firmwaresc8180xp-aasnapdragon_xr2_5g_platform_firmwareqca8075_firmwarevision_intelligence_300_platform_firmwaresnapdragon_835_mobile_pc_platformvideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca6431_firmwareqca6698aq_firmwareqcs2290qcn7606qcs2290_firmwarewcn3999_firmwareqcn7605_firmwaresnapdragon_720g_mobile_platform_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwaresc8180xp-abqcn5024snapdragon_690_5g_mobile_platformqca6430qdx1011_firmwaresc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfsm7250-ab_firmwareqru1052csra6640_firmwareqca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwarewcn3980_firmwareqca6436snapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqdu1010_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformcsra6620qca8081sd660wsa8815qca9377qcm4325_firmwareqcm4290_firmwareqca9888_firmwareqca9889qcn5024_firmwareipq5010smart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformqru1052_firmwaresnapdragon_670_mobile_platformcsra6620_firmwaresc8180xp-af_firmwareqcs8550sd865_5g_firmwarepmp8074_firmwaresc7180-ad_firmwarewcd9375qca9889_firmwaresa8145psd_675immersive_home_316_platformsm4350-ac_firmwarecsr8811sc7180-ac_firmwaresm7250-ac_firmwareqdx1010qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresw5100psxr1120qcn9000_firmwarevision_intelligence_300_platformqcn9022qcs610_firmwarewcd9335wcd9370qca8072qca6696wcd9341_firmwareipq8076wcn6740_firmwareipq6018_firmwareqca9984_firmwareqcn6023immersive_home_216_platformqdu1110snapdragon_auto_4g_modemipq8078aqca6574auwcd9390csra6640sc8180x-af_firmwareqcn9100_firmwareqcn5122sd730qcn6024_firmwaresnapdragon_695_5g_mobile_platformqcm6125_firmwarec-v2x_9150qcc710snapdragon_850_mobile_compute_platformsxr1120_firmwareqcn5054robotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900qru1032_firmwareqcn5052qfw7114315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemsa8155_firmwaresm7150-abqcn5164snapdragon_888_5g_mobile_platform_firmwareqca6335qcs4490sc7180-adsc8180xp-afmdm9250snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qca6421_firmwareqcm6125sc8180x-adcsr8811_firmwarewsa8810qcn5021qdu1000_firmwaresnapdragon_8\+_gen_2_mobile_platformsm8350-acqca6595ausm7315_firmwareqdu1010wcd9326_firmwarewsa8840qcs8550_firmwareqdu1210_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwarewcn3910_firmwarewcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqdu1110_firmwareqdu1000sa8195pqca6335_firmwareqcm6490immersive_home_316_platform_firmwareipq8076a_firmwaresd675_firmwareqca6430_firmwaresc8180x-aaqcn9024_firmwarewsa8845hsa6150psm7250-aawcd9326sa8155p_firmwareqca6564asnapdragon_675_mobile_platformsnapdragon_662_mobile_platformqcn9074_firmwarevision_intelligence_400_platform_firmwareipq8174sc8180x\+sdx55_firmwareipq8174_firmwaresnapdragon_665_mobile_platformar8035ipq8072asa6155qcm4325qcn6224sc8180x\+sdx55qca6698aqsm6250sm7250-acsc8180x-aa_firmwaresd670sa8145p_firmwaresa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwaresnapdragon_636_mobile_platform_firmwarewcn3990snapdragon_680_4g_mobile_platform_firmwareipq8078qcs6490snapdragon_712_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwaresnapdragon_675_mobile_platform_firmwareqcn5022_firmwaresm8250-ab_firmwareqca6564ausc8180xp-adsm6250p_firmwareimmersive_home_214_platform_firmwaresm7325-af_firmwaresa8195p_firmwareqcm4290qcn5054_firmwareqca9888snapdragon_680_4g_mobile_platformsd_455_firmwarear8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwareipq8072a_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformqru1032robotics_rb3_platform_firmwaresnapdragon_xr2_5g_platformqcs6125snapdragon_7c\+_gen_3_computesnapdragon_670_mobile_platform_firmwaresd_455sm6250_firmwaresc8180x-ad_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqcn6274_firmwareqca6320_firmwaresw5100_firmwarewcn6740sm6225-ad_firmwareqfw7114_firmwareqca4024fastconnect_7800_firmwareimmersive_home_216_platform_firmwareipq8070awcd9380sa6145p_firmwaresa6155_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_x24_lte_modemqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwaresm6225-adsd662_firmwaresm4350-acipq6010sw5100aqt1000c-v2x_9150_firmwaresd855sc8180x-ab_firmwarewcn3990_firmwaresm7315qca6564a_firmwarewcd9385sc8180xp-ab_firmwaresd662qcs4290sg8275psm6250psdx55_firmwareipq8071a_firmwaresxr2130ipq6028qcm4490snapdragon_636_mobile_platformqcn9100sm7150-ab_firmwareqca6174a_firmwaresm7325psnapdragon_855_mobile_platform_firmwareaqt1000_firmwaresm6150-ac_firmwareqcn5152_firmwaresc8180x-acqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwaresc8180x-ac_firmwaresw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150pqcn5124qcn5152vision_intelligence_400_platformqca6574a_firmwaresdx55qcn9072_firmwareipq8074aimmersive_home_318_platformsd675wcd9375_firmwareqca6391snapdragon_x70_modem-rf_systemipq8173_firmwareqcn9012_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_xr1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_7800ipq8078_firmwarewcn3988_firmwareipq8070_firmwareqcn5154sd_8cxwsa8835_firmwareqcn5022snapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragonqcn5024_firmwareqca9377_firmwaresnapdragon_850_mobile_compute_platform_firmwaresnapdragon_662_mobile_platform_firmwaresa6150p_firmwaresm6250p_firmwaresa8145p_firmware315_5g_iot_modem_firmwareqcs2290_firmwaresnapdragon_x24_lte_modem_firmwaresg8275p_firmwareipq8173_firmwareqca6431_firmwarewcd9360_firmwarefsm10055_firmwareqcn6224_firmwareqca4024_firmwaresnapdragon_x20_lte_modem_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresd730_firmwaresnapdragon_auto_4g_modem_firmwaresd_455_firmwarecsra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcn5152_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcn3990_firmwareqcn9000_firmwareqca9984_firmwarequalcomm_video_collaboration_vc3_platform_firmwaresd_8cx_firmwarewcd9371_firmwarewcd9385_firmwareqcn6024_firmwarewcd9326_firmwareimmersive_home_316_platform_firmwaresnapdragon_660_mobile_platform_firmwareqcn5124_firmwaresd460_firmwaresm7315_firmwareqca6320_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwaresnapdragon_835_mobile_pc_platform_firmwareqca8081_firmwareqcn6023_firmwaresa6155_firmwaresm7250p_firmwarewcd9375_firmwarewcn3999_firmwarewsa8845h_firmwareqca6436_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6564au_firmwaresnapdragon_auto_5g_modem-rf_firmwareipq8070_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareipq8078a_firmwaresmart_audio_400_platform_firmwaresnapdragon_x70_modem-rf_system_firmwarewsa8840_firmwaresa8155_firmwarerobotics_rb3_platform_firmwareqcs8550_firmwaresd662_firmwarevision_intelligence_300_platform_firmwarewcn3988_firmwareqru1062_firmwaresa6145p_firmwarefastconnect_6700_firmwarewsa8810_firmwarewcd9395_firmwareqdu1000_firmwareqca6698aq_firmwareqca6174a_firmwareipq8071a_firmwaremdm9250_firmwareqcs4290_firmwareqca9888_firmwaresxr2130_firmwareqca6696_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwareqcn5154_firmwaresnapdragon_665_mobile_platform_firmwareqru1052_firmwarewcn3910_firmwaresnapdragon_855_mobile_platform_firmwaresm6250_firmwareqcc710_firmwareqcn9100_firmwaresnapdragon_712_mobile_platform_firmwarevision_intelligence_400_platform_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresd660_firmwaresnapdragon_636_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcn5022_firmwareqcn7606_firmwaresxr1120_firmwareimmersive_home_216_platform_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqcm6125_firmwaresnapdragon_675_mobile_platform_firmwareqcm2290_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwareipq8076a_firmwareqdu1010_firmwaresnapdragon_670_mobile_platform_firmwaresd670_firmwareqdu1110_firmwarecsr8811_firmwareqcn5054_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarec-v2x_9150_firmwareqca6310_firmwareqca8072_firmwareqca6430_firmwareqcn5052_firmwareqcn9012_firmwareqfw7114_firmwareipq8070a_firmwarewcd9335_firmwareqca6335_firmwareipq6018_firmwareipq8076_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwaresm7325p_firmwarepmp8074_firmwaresdx57m_firmwareqru1032_firmwaresnapdragon_630_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwarewsa8845_firmwareqca6426_firmwareqca6574a_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmwareaqt1000_firmwarewcn6740_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqcn6274_firmwareqcs4490_firmwarear8031_firmwarecsrb31024_firmwareqcm6490_firmwareipq8078_firmwarewsa8832_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwareipq6028_firmwareipq8072a_firmwareqca9889_firmwaresa8155p_firmwareqdx1011_firmwareqca6564a_firmwareipq8174_firmwareqcn9024_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm4290_firmwareqcn7605_firmwareqdx1010_firmwaresw5100p_firmwareqcs610_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresd835_firmwareipq6010_firmwaresnapdragon_720g_mobile_platform_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwareimmersive_home_214_platform_firmwarewcd9370_firmwaresm8550p_firmwaresd888_firmwareqcn9022_firmwareqcn5021_firmwarewcd9390_firmwareqcn9072_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareqfw7124_firmwareqdu1210_firmwarear8035_firmwaresnapdragon_xr1_platform_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24940
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.65% / 87.39%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:02
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-23108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.80%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc.

Action-Not Available
Vendor-crasm_projectn/a
Product-crasmn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-9217
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 80.29%
||
7 Day CHG~0.00%
Published-24 May, 2017 | 04:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.

Action-Not Available
Vendor-systemd_projectn/a
Product-systemdn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-3385
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-1.72% / 81.62%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 17:06
Updated-24 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled

A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-ospa-7050pa-5445pa-7080pa-5420pa-5430pa-5410pa-5440Cloud NGFWPAN-OSPrisma Accessprisma_accesspan-oscloud_ngfw
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.10%
||
7 Day CHG~0.00%
Published-01 Oct, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

Action-Not Available
Vendor-n/afreedesktop.orgDebian GNU/Linux
Product-popplerdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-22839
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.53%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:56
Updated-26 Mar, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP DNS profile vulnerability

On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_i7800big-ip_i10600_firmwarebig-ip_i15800_firmwareviprion_b2250_firmwarebig-ip_7200v-ssl_firmwarebig-ip_local_traffic_managerbig-ip_i5800r5800big-ip_7200v_firmwarer10600viprion_b2150big-ip_i11800big-ip_10200v-sslbig-ip_5000s_firmwarevelos_bx110big-ip_i11600big-ip_i15800big-ip_i5800_firmwarebig-ip_7200vbig-ip_5200v-ssl_firmwarebig-ip_10200v-ssl_firmwarebig-ip_domain_name_systembig-ip_7000s_firmwarebig-ip_i10800_firmwarer5900big-ip_i15600big-ip_i11800_firmwarebig-ip_12000_firmwarer10900_firmwarebig-ip_10000sviprion_b2100big-ip_5200v_firmwarebig-ip_i7600big-ip_5200v-sslbig-ip_i7800_firmwarer10900big-ip_10200vviprion_b4450_firmwarer5600big-ip_12000viprion_b2250r5800_firmwarebig-ip_5200vbig-ip_i5600_firmwarer5600_firmwarer5900_firmwarer10600_firmwarebig-ip_10000s_firmwarebig-ip_7000sbig-ip_i5600viprion_b4300r10800_firmwarer10800viprion_b4300_firmwarevelos_bx110_firmwarebig-ip_i15600_firmwarebig-ip_i10800viprion_b2100_firmwarebig-ip_i10600big-ip_10200v_firmwarebig-ip_7200v-sslbig-ip_5000sbig-ip_i7600_firmwareviprion_b4450big-ip_i11600_firmwareviprion_b2150_firmwareBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-21757
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.35% / 88.49%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-22341
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.53%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:54
Updated-26 Mar, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP APM OAuth vulnerability

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-21758
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-51.61% / 97.81%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-22340
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.53%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:54
Updated-26 Mar, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SIP profile vulnerability

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-19752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.26%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 19:42
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.

Action-Not Available
Vendor-lcdfn/aFedora Project
Product-fedoragifsiclen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-21700
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-6.46% / 90.68%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows iSCSI Discovery Service Denial of Service Vulnerability

Windows iSCSI Discovery Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-21683
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-5.79% / 90.14%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-1730
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 00:00
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Action-Not Available
Vendor-libsshRed Hat, Inc.NetApp, Inc.Canonical Ltd.Oracle CorporationFedora Project
Product-ubuntu_linuxcloud_backupfedoraenterprise_linuxlibsshmysql_workbenchlibssh
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-21547
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-6.46% / 90.68%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2009-1902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.79% / 94.03%
||
7 Day CHG~0.00%
Published-03 Jun, 2009 | 16:33
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.

Action-Not Available
Vendor-trustwaven/aFedora Project
Product-modsecurityfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-5193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.88% / 82.38%
||
7 Day CHG~0.00%
Published-03 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.

Action-Not Available
Vendor-irssin/aDebian GNU/Linux
Product-debian_linuxirssin/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-32661
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.25%
||
7 Day CHG-0.01%
Published-23 Apr, 2024 | 20:05
Updated-13 Feb, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeRDP rdp_write_logon_info_v1 NULL access

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Action-Not Available
Vendor-FreeRDPFedora Project
Product-fedorafreerdpFreeRDPfreerdp
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-18730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.15%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 20:07
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).

Action-Not Available
Vendor-iec104_projectn/a
Product-iec104n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2009-1387
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-13.36% / 93.91%
||
7 Day CHG~0.00%
Published-04 Jun, 2009 | 16:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

Action-Not Available
Vendor-n/aCanonical Ltd.OpenSSLRed Hat, Inc.
Product-ubuntu_linuxopenssln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31175
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 13:56
Updated-20 Sep, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in libfluid_msg library

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TablePropertiesList::unpack. This issue affects libfluid: 0.1.0.

Action-Not Available
Vendor-opennetworkingOpen Networking Foundation (ONF)open_networking_foundation
Product-libfluid_msglibfluidlibfluid
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-17525
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-9.50% / 92.52%
||
7 Day CHG~0.00%
Published-17 Mar, 2021 | 09:20
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote unauthenticated denial-of-service in Subversion mod_authz_svn

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-subversiondebian_linuxApache Subversion
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-18395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.85%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 20:36
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.

Action-Not Available
Vendor-n/aGNU
Product-gaman/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-18731
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.30%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 20:07
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).

Action-Not Available
Vendor-iec104_projectn/a
Product-iec104n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-1444
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.01%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 06:33
Updated-26 Feb, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Filseclab Twister Antivirus IoControlCode fildds.sys 0x8011206B denial of service

A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects the function 0x8011206B in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223289 was assigned to this vulnerability.

Action-Not Available
Vendor-filseclabFilseclab
Product-twister_antivirusTwister Antivirus
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0122
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.97%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 00:00
Updated-04 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0216
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.26%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 19:03
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invalid pointer dereference in d2i_PKCS7 functions

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

Action-Not Available
Vendor-stormshieldOpenSSL
Product-stormshield_management_centeropensslOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15204
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.64%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:46
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault in Tensorflow

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0217
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.48%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 19:02
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL dereference validating DSA public key

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

Action-Not Available
Vendor-OpenSSL
Product-opensslOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0359
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 45.52%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 04:21
Updated-12 Nov, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ipv6: Missing ipv6 nullptr-check in handle_ra_input

A missing nullptr-check in handle_ra_input can cause a nullptr-deref.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15190
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.91%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:35
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
CVE-2024-31041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.80%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 00:00
Updated-10 Jun, 2025 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.

Action-Not Available
Vendor-emqxn/aemqx
Product-nanomqn/ananomq
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31167
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 13:55
Updated-20 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in libfluid_msg library

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack13. This issue affects libfluid: 0.1.0.

Action-Not Available
Vendor-opennetworkingOpen Networking Foundation (ONF)open_networking_foundation
Product-libfluid_msglibfluidlibfluid
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31196
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 13:59
Updated-20 Sep, 2024 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in libfluid_msg library

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::ActionList::unpack10. This issue affects libfluid: 0.1.0.

Action-Not Available
Vendor-opennetworkingOpen Networking Foundation (ONF)open_networking_foundation
Product-libfluid_msglibfluidlibfluid
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31165
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 13:54
Updated-20 Sep, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in libfluid_msg library

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::SetFieldAction::unpack. This issue affects libfluid: 0.1.0.

Action-Not Available
Vendor-opennetworkingOpen Networking Foundation (ONF)open_networking_foundation
Product-libfluid_msglibfluidlibfluid
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15191
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.74%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:41
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undefined behavior in Tensorflow

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-252
Unchecked Return Value
CVE-2022-4843
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-29 Dec, 2022 | 00:00
Updated-09 Apr, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in radareorg/radare2

NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31164
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 13:54
Updated-20 Sep, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in libfluid_msg library

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13. This issue affects libfluid: 0.1.0.

Action-Not Available
Vendor-opennetworkingOpen Networking Foundation (ONF)open_networking_foundation
Product-libfluid_msglibfluidlibfluid
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31185
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 13:57
Updated-20 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in libfluid_msg library

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MeterBandList::unpack. This issue affects libfluid: 0.1.0.

Action-Not Available
Vendor-opennetworkingOpen Networking Foundation (ONF)open_networking_foundation
Product-libfluid_msglibfluidlibfluid
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-16118
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.77%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 17:58
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

Action-Not Available
Vendor-n/aThe GNOME ProjectopenSUSE
Product-balsabackports_sleleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.74%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 13:48
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.

Action-Not Available
Vendor-embedthisn/a
Product-appwebn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-20746
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.91% / 74.92%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 03:15
Updated-06 Nov, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability

A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-48606
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.95%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 01:27
Updated-24 Sep, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14396
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 76.81%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-simatic_itc1500_pro_firmwareubuntu_linuxdebian_linuxsimatic_itc1500_prosimatic_itc1500simatic_itc1900simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prosimatic_itc2200_pro_firmwarelibvncserversimatic_itc1900_prosimatic_itc2200n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.44%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 16:52
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.

Action-Not Available
Vendor-troglobitn/a
Product-uftpdn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.10%
||
7 Day CHG~0.00%
Published-01 Oct, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

Action-Not Available
Vendor-n/afreedesktop.orgDebian GNU/Linux
Product-popplerdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.88%
||
7 Day CHG~0.00%
Published-26 Sep, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14435
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-2.23% / 83.86%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini" without a cookie header to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.Talos (Cisco Systems, Inc.)
Product-edr-810_firmwareedr-810Moxa
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 18
  • 19
  • Next
Details not found