Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-32987

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-23 Sep, 2021 | 13:33
Updated At-16 Sep, 2024 | 23:40
Rejected At-
Credits

AVEVA SuiteLink Server Null Pointer Dereference

Null pointer dereference in SuiteLink server while processing command 0x0b

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:23 Sep, 2021 | 13:33
Updated At:16 Sep, 2024 | 23:40
Rejected At:
▼CVE Numbering Authority (CNA)
AVEVA SuiteLink Server Null Pointer Dereference

Null pointer dereference in SuiteLink server while processing command 0x0b

Affected Products
Vendor
AVEVAAVEVA Software, LLC
Product
AVEVA System Platform 2020
Versions
Affected
  • From unspecified through R2 P01 (custom)
Vendor
AVEVAAVEVA Software, LLC
Product
AVEVA InTouch 2020
Versions
Affected
  • From unspecified through R2 P01 (custom)
Vendor
AVEVAAVEVA Software, LLC
Product
AVEVA Historian 2020
Versions
Affected
  • From unspecified through R2 P01 (custom)
Vendor
AVEVAAVEVA Software, LLC
Product
AVEVA Communication Drivers Pack 2020
Versions
Affected
  • From unspecified through R2 (custom)
Vendor
AVEVAAVEVA Software, LLC
Product
AVEVA Batch Management 2020
Versions
Affected
  • From unspecified through 2020 (custom)
Vendor
AVEVAAVEVA Software, LLC
Product
AVEVA MES 2014
Versions
Affected
  • From unspecified through R2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476 NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

AVEVA recommends organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing. Please see AVEVA security bulletin AVEVA-2021-003 for more information.

Configurations
Workarounds
Exploits
Credits
Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf
x_refsource_CONFIRM
Hyperlink: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:23 Sep, 2021 | 14:15
Updated At:01 Oct, 2021 | 18:48

Null pointer dereference in SuiteLink server while processing command 0x0b

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
AVEVA
aveva
>>suitelink>>Versions before 3.2.002(exclusive)
cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primaryics-cert@hq.dhs.gov
CWE ID: CWE-476
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdfics-cert@hq.dhs.gov
Patch
Vendor Advisory
Hyperlink: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf
Source: ics-cert@hq.dhs.gov
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

844Records found
CVE-2021-32971
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.08%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 13:32
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVEVA SuiteLink Server Null Pointer Dereference

Null pointer dereference in SuiteLink server while processing command 0x07

Action-Not Available
Vendor-AVEVA
Product-suitelinkAVEVA Batch Management 2020AVEVA Communication Drivers Pack 2020AVEVA MES 2014AVEVA InTouch 2020AVEVA System Platform 2020AVEVA Historian 2020
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32979
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.08%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 13:32
Updated-16 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVEVA SuiteLink Server Null Pointer Dereference

Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a

Action-Not Available
Vendor-AVEVA
Product-suitelinkAVEVA Batch Management 2020AVEVA Communication Drivers Pack 2020AVEVA MES 2014AVEVA InTouch 2020AVEVA System Platform 2020AVEVA Historian 2020
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32963
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.08%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 13:32
Updated-17 Sep, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVEVA SuiteLink Server Null Pointer Dereference

Null pointer dereference in SuiteLink server while processing commands 0x03/0x10

Action-Not Available
Vendor-AVEVA
Product-suitelinkAVEVA Batch Management 2020AVEVA Communication Drivers Pack 2020AVEVA MES 2014AVEVA InTouch 2020AVEVA System Platform 2020AVEVA Historian 2020
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32999
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.77%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 13:33
Updated-16 Sep, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVEVA SuiteLink Server Improper Handling of Exceptional Conditions

Improper handling of exceptional conditions in SuiteLink server while processing command 0x01

Action-Not Available
Vendor-AVEVA
Product-suitelinkAVEVA Batch Management 2020AVEVA Communication Drivers Pack 2020AVEVA MES 2014AVEVA InTouch 2020AVEVA System Platform 2020AVEVA Historian 2020
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-33010
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.68%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 19:45
Updated-16 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVEVA System Platform Uncaught Exception

An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.

Action-Not Available
Vendor-AVEVA
Product-system_platformAVEVA System Platform
CWE ID-CWE-248
Uncaught Exception
CVE-2017-9962
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.46%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.

Action-Not Available
Vendor-AVEVA
Product-clearscadaClearSCADA
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6021
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.64%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 14:00
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-AVEVA
Product-clearscadaClearSCADA
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34348
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.56%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 17:16
Updated-21 Oct, 2024 | 12:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Check or Handling of Exceptional Conditions in Aveva PI Server

AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.

Action-Not Available
Vendor-AVEVA
Product-pi_serverPI Server
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-13537
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.24%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 18:05
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.

Action-Not Available
Vendor-AVEVA
Product-iec870ip_firmwareiec870ipVijeo Citect and Citect SCADA
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.81%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.

Action-Not Available
Vendor-openslpn/a
Product-openslpn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-23076
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.29%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 00:00
Updated-27 May, 2025 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

Action-Not Available
Vendor-jfreen/ajfree
Product-jfreechartn/ajfreechart
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-0203
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-4.30% / 88.42%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 15:59
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-subversionApache Subversion
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33089
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.71%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in WLAN Firmware

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwaresa6150p_firmwaresd865_5gipq9574qcn9000_firmwareqcn6102_firmwareqca6595qcn9022ipq6028_firmwareimmersive_home_214_platformqca8081_firmwarewcd9370qcn9001qca8072qca6696wcd9340_firmwarewcd9341_firmwareipq5028_firmwarewcd9395_firmwareqcn6024qcn9003_firmwarear9380snapdragon_sc8180xp-aa_firmwareqcc710_firmwareqcc2073_firmwareqca6426ipq8076wcn6740_firmwarefastconnect_6700qca1064_firmwareipq6018_firmwareqca9984_firmwareqcn6023sa4150pqcn5124_firmwarewsa8832_firmwareimmersive_home_216_platformqca8337qca9994_firmwareqca6426_firmwarewcd9395ipq6000snapdragon_auto_4g_modemqca6574au_firmwareipq8078aipq8078a_firmwareqam8295pwcd9341qca6574auwcd9390wsa8810_firmwarewsa8845h_firmwaresa9000p_firmwareqcn9100_firmwareqca2064_firmwareqcn5122qca6554afastconnect_6800_firmwareqcs5430qcn6024_firmwareqca9886_firmwareqcm5430qcm5430_firmwaresnapdragon_778g\+_5g_mobile_platformsa8770pqcn9000ssg2115pqcc710qcn6132_firmwareqca2062_firmwareqsm8250_firmwareqsm8350_firmwareqcn5054315_5g_iot_modem_firmwarefastconnect_6900ipq5332_firmwareqcn5052qca9980qfw7114wcd9385_firmwareqca6421315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareipq8074a_firmwareipq8076awcd9360qcn5164snapdragon_888_5g_mobile_platform_firmwaresnapdragon_ar2_gen_1_platform_firmwareqcs4490snapdragon_8_gen_1_mobile_platform_firmwareimmersive_home_3210_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845sa6155psnapdragon_sc8180x-aaqcn6100_firmwareqca6421_firmwareqca6564au_firmwarecsr8811_firmwaresnapdragon_sc8180xp-aaqca8075wsa8810qcn5021qam8650psa9000pqca8085qsm8250snapdragon_8\+_gen_2_mobile_platformqcn6100qca6595ausm7315_firmwaresa6155p_firmwarewsa8840qcs8550_firmwareqca9986_firmwaresnapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6436_firmwareqcn9012snapdragon_sc8180x-adsnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070qcs4490_firmwaresnapdragon_8_gen_2_mobile_platformqcf8001snapdragon_7c\+_gen_3_compute_firmwareqca8084qca6420sdx65mwcd9370_firmwarecsrb31024snapdragon_x55_5g_modem-rf_system_firmwareqcc2076qca6574aipq9570sa8195pwcd9340snapdragon_auto_5g_modem-rf_gen_2qcm6490immersive_home_316_platform_firmwareqcn6122_firmwareqcn5154_firmwaresm8550p_firmwareimmersive_home_3210_platformqcm8550qcn5122_firmwareqcn9274qcn9024pmp8074ipq8076a_firmwaresa8775pqca6574snapdragon_x75_5g_modem-rf_systemipq9570_firmwaresxr2230p_firmwarear9380_firmwareqca2066_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformqcn9011sa8775p_firmwareqcn9024_firmwarewsa8845hqca8082sa6150psa8155p_firmwaresa8155pqca8072_firmwarewsa8830snapdragon_sc8180x-acsm8550pqcf8000_firmwaresa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn9074_firmwareipq8174sc8180x\+sdx55_firmwareqcn6122sa8255p_firmwareflight_rb5_5g_platform_firmwareqcc2073ipq8174_firmwarear8035ipq8072asa6155qrb5165m_firmwareqca2065qca9985robotics_rb5_platformqcn6224ipq8071aqcn6112sc8180x\+sdx55wcn3950_firmwareqca6698aqssg2125p_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200sm7325p_firmwaresa8145p_firmwarewcd9360_firmwaresnapdragon_sc8280xp-ab_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwareqcn9002ipq8078immersive_home_326_platform_firmwareqcs6490ipq9554_firmwarefastconnect_6200_firmwaresnapdragon_sc8180xp-acqcn9072wsa8830_firmwareqcn6224_firmwareqca6431qca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832qca8082_firmwaresnapdragon_auto_4g_modem_firmwareqcc2076_firmwaresxr2130_firmwareqca6678aqar8035_firmwareqcn5022_firmwareqca9992qrb5165msnapdragon_888_5g_mobile_platformsc8380xpqca1064sa4150p_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwareipq9008ipq9554qca6564auqca9992_firmwareqca9990ipq8070ipq9008_firmwareqcn9074immersive_home_214_platform_firmwarewsa8815_firmwaresa8195p_firmwareqca8337_firmwareqcn5054_firmwareqca9888ipq5332qcn9013sg8275p_firmwareipq8173qcm6490_firmwareipq8072a_firmwareipq6010_firmwareqcm4490_firmwarewcn3950flight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformqca8085_firmwaresa8295p_firmwareqca9984ipq5010_firmwareqcn9022_firmwareqca9886qcn6132csrb31024_firmwareipq6018sa8155qcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584ausd888qcn6274_firmwareqcn9011_firmwarewcn6740sc8380xp_firmwareipq8065fastconnect_6800qfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareqcn9001_firmwareimmersive_home_216_platform_firmwaresnapdragon_782g_mobile_platform_firmwareipq8070afastconnect_6900_firmwarewcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_sc8280xp-absa8150pqcn9003qca8075_firmwaresnapdragon_778g_5g_mobile_platformqcf8000qcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca2064sxr1230psnapdragon_865\+_5g_mobile_platformqca2065_firmwaresnapdragon_sc8180x-ad_firmwaresdx65m_firmwarevideo_collaboration_vc3_platformipq6010aqt1000snapdragon_sc8180xp-ad_firmwaresnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqam8295p_firmwareqca6431_firmwaresm7315qca6698aq_firmwarewcd9385qca9994qsm8350qca8084_firmwaresa8255psxr1230p_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareqcn5024snapdragon_865\+_5g_mobile_platform_firmwareqca6430sg8275psdx55_firmwareipq8071a_firmwaresnapdragon_auto_5g_modem-rfssg2125pqca6554a_firmwaresnapdragon_sc8180x-ac_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_xr2\+_gen_1_platformimmersive_home_326_platformsm7325pqam8650p_firmwareqcn9013_firmwareqca2062qca6420_firmwareaqt1000_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwarewcn3980_firmwareqca6584au_firmwareqrb5165n_firmwareqca6436snapdragon_sc8180x-aa_firmwareqcn5152_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqcn6274qfw7124qca6595au_firmwareqca0000snapdragon_sc8180xp-ac_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_782g_mobile_platformipq8068qca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwareqca6574_firmwareqca8081wsa8815sd_8_gen1_5gqcn5124qam8775pipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwaresdx55qcn9072_firmwareqca9888_firmwareipq8074aimmersive_home_318_platformqca9889qca1062qcn5024_firmwareqcn9002_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca8386ipq5010qca6391qcn9274_firmwaresnapdragon_sc8180xp-adsnapdragon_778g_5g_mobile_platform_firmwareqcs5430_firmwareipq8173_firmwareqcn9012_firmwaresa8770p_firmwaresa8295psnapdragon_8_gen_2_mobile_platform_firmwarerobotics_rb5_platform_firmwareqcs8550ipq8068_firmwareipq6000_firmwarefastconnect_7800qam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375ipq8078_firmwareqca9889_firmwareipq8070_firmwaresa8145pqcn5154immersive_home_316_platformsnapdragon_888\+_5g_mobile_platform_firmwareqca2066wsa8835_firmwaressg2115p_firmwarecsr8811qcn5022snapdragon_x75_5g_modem-rf_system_firmwarewcn3980Snapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-22733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.98% / 75.83%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 00:00
Updated-05 Nov, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-mr200_firmwaremr200n/atl-mr200_v4_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-22052
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-2.96% / 85.94%
||
7 Day CHG+0.16%
Published-04 Apr, 2024 | 19:45
Updated-03 Oct, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

Action-Not Available
Vendor-Ivanti Software
Product-policy_secureconnect_securePolicy SecureConnect Securepolicy_secureconnect_secure
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-1967
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-67.22% / 98.50%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 13:45
Updated-17 Sep, 2024 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segmentation fault in SSL_check_chain

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Action-Not Available
Vendor-jdedwardsFreeBSD FoundationFedora ProjectOracle CorporationTenable, Inc.Broadcom Inc.Debian GNU/LinuxopenSUSEOpenSSLNetApp, Inc.
Product-freebsdjd_edwards_world_securitypeoplesoft_enterprise_peopletoolsenterprise_manager_for_storage_managementopenssle-series_performance_analyzeractive_iq_unified_managerlog_correlation_enginemysql_connectorsleaponcommand_workflow_automationmysql_workbenchsnapcentersteelstore_cloud_integrated_storagehttp_servermysqldebian_linuxsmi-s_providermysql_enterprise_monitorfedoraenterpriseoneapplication_serverfabric_operating_systementerprise_manager_ops_centerenterprise_manager_base_platformoncommand_insightOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-1752
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.61% / 90.80%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Fedora ProjectThe Apache Software FoundationApple Inc.
Product-ubuntu_linuxfedoradebian_linuxmac_os_xsubversionn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-9240
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 22:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.

Action-Not Available
Vendor-ncmpc_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxncmpcdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-21664
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.98%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 19:18
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parsing JSON serialized payload without protected field can lead to segfault

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in versions 2.0.19 and 1.2.28.

Action-Not Available
Vendor-lestrrat-golestrrat-go
Product-jwxjwx
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33109
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 39.05%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in WLAN Firmware

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd865_5gqca6595snapdragon_xr1_platformipq6028_firmwareimmersive_home_214_platformqca8081_firmwareqcn9001snapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwaresnapdragon_730_mobile_platformqcn6024ar9380qcc710_firmwareqca6426fastconnect_6700snapdragon_768g_5g_mobile_platform_firmwaresa4150pqcn5124_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395qcn7605snapdragon_460_mobile_platformqca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqcn7606_firmwareipq8078a_firmwareqam8295pwcd9341wsa8810_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_8cx_gen_2_5g_compute_platformqca2064_firmwaresnapdragon_835_mobile_pc_platform_firmwarefastconnect_6800_firmwaresd835_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_778g\+_5g_mobile_platformqcn9000snapdragon_8cx_compute_platform_firmwareqca2062_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwareqsm8250_firmwareqsm8350_firmwaresnapdragon_765g_5g_mobile_platformvideo_collaboration_vc1_platformwcd9385_firmwareqca6421qca6310ipq8074a_firmwareipq8076awcd9360snapdragon_ar2_gen_1_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_7c_compute_platformimmersive_home_3210_platform_firmwaresnapdragon_685_4g_mobile_platformsa6155pqca6564au_firmwaresnapdragon_768g_5g_mobile_platformqca8075qam8650pvideo_collaboration_vc5_platform_firmwaresa6155p_firmwaresd835snapdragon_870_5g_mobile_platform_firmwareqca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_7c_compute_platform_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwareqca8084sm4125_firmwareqca6420snapdragon_7c_gen_2_compute_platform_firmwarewcn3910csrb31024snapdragon_845_mobile_platformsnapdragon_x55_5g_modem-rf_system_firmwareqcc2076snapdragon_660_mobile_platformqca6574aqca9898_firmwarewcd9340qcs8250_firmwareqcm2290qcn6122_firmwareqcn5154_firmwareipq8074sm8550p_firmwareqcm8550wcn3988qcn5122_firmwareqcn9024pmp8074snapdragon_460_mobile_platform_firmwareqca6574snapdragon_x75_5g_modem-rf_systemsnapdragon_8cx_compute_platformqca2066_firmwareqca8082qcs410qcm2290_firmwaresa8155pqca8072_firmwarewsa8830sm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareqcn6122sa8255p_firmwareqcc2073qrb5165m_firmwaresnapdragon_678_mobile_platform_firmwareqca9985ipq8071aqcn6112wcn3950_firmwareqrb5165nsnapdragon_8_gen_1_mobile_platformqca1062_firmwarefastconnect_6200snapdragon_710_mobile_platformsm7325p_firmwaresd460snapdragon_730g_mobile_platformsnapdragon_8cx_gen_2_5g_compute_platform_firmwarewcd9360_firmwaresmart_audio_400_platformsnapdragon_855\+\/860_mobile_platformvideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwareimmersive_home_326_platform_firmwareqca6438_firmwaresnapdragon_750g_5g_mobile_platformqcn9072qcn6224_firmwareipq4028_firmwareqca6431sd660_firmwareqca8082_firmwaresxr2130_firmwarear8035_firmwaresnapdragon_730_mobile_platform_firmwareqrb5165msnapdragon_888_5g_mobile_platformqca1064qca6320snapdragon_w5\+_gen_1_wearable_platform_firmwareqca4024_firmwareqca0000_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqcs6125_firmwareqca9992_firmwareqca6428qca9990ipq8070ipq9008_firmwareqcn9074wsa8815_firmwareqca8337_firmwareipq8173snapdragon_8c_compute_platformsm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_765g_5g_mobile_platform_firmwareipq5028qca9986qcf8001_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresa8295p_firmwaresd_675_firmwaresa4155p_firmwareqca9984ipq5010_firmwareqcn9022_firmwaresnapdragon_720g_mobile_platformsm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresnapdragon_845_mobile_platform_firmwaresd888sd460_firmwaresnapdragon_4_gen_2_mobile_platformipq8069ipq8065qca6310_firmwarefastconnect_6800qcs7230snapdragon_685_4g_mobile_platform_firmwarewcd9371qcn9001_firmwaresnapdragon_782g_mobile_platform_firmwarefastconnect_6900_firmwaresnapdragon_732g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwareqca8075_firmwarevision_intelligence_300_platform_firmwaresnapdragon_835_mobile_pc_platformsnapdragon_865\+_5g_mobile_platformqca2065_firmwaresdx65m_firmwarevideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca9980_firmwareqca9985_firmwareqca6431_firmwareqca6698aq_firmwareqcs2290qcn7606qcs2290_firmwarewcn3999_firmwareqca8084_firmwareqcn7605_firmwaresnapdragon_678_mobile_platformsa8255pqcs7230_firmwaresnapdragon_720g_mobile_platform_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwareqcn5024snapdragon_690_5g_mobile_platformqca6430snapdragon_auto_5g_modem-rfssg2125pcsra6640_firmwareimmersive_home_326_platformqcn9013_firmwareqam8650p_firmwarevideo_collaboration_vc5_platformqca2062qca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwaresnapdragon_732g_mobile_platformipq8068qcs4290_firmwaresnapdragon_865_5g_mobile_platformcsra6620qca8081sd660wsa8815qam8775pqcm4325_firmwareipq8069_firmwareqcm4290_firmwareqca9888_firmwareqca9889qca1062qcn5024_firmwareqcn9002_firmwareipq5010qcn9274_firmwaresmart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_670_mobile_platformcsra6620_firmwareqcs8550ipq8068_firmwareqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwarewcd9375qca9889_firmwaresa8145psd_675immersive_home_316_platformsnapdragon_888\+_5g_mobile_platform_firmwareqca2066csr8811qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresw5100psxr1120ipq9574qcn9000_firmwareqcn6102_firmwarevision_intelligence_300_platformqcn9022qcs610_firmwarewcd9335wcd9370qca8072qca6696wcd9341_firmwareqcn9003_firmwareqcc2073_firmwareipq8076wcn6740_firmwareqca1064_firmwareipq6018_firmwareqca9984_firmwareqcn6023immersive_home_216_platformqca9994_firmwareipq6000snapdragon_auto_4g_modemipq8078aqca6574auwcd9390csra6640qcn9100_firmwareqcn5122sd730snapdragon_730g_mobile_platform_firmwareqca6554aqcn6024_firmwareqca9886_firmwaresnapdragon_695_5g_mobile_platformqcm6125_firmwaressg2115pqcc710snapdragon_850_mobile_compute_platformqcn6132_firmwaresxr1120_firmwareqcn5054robotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900ipq5332_firmwareqcn5052qca9980qfw7114315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareqcn5164snapdragon_888_5g_mobile_platform_firmwareqca6335qcs4490snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qcn6100_firmwareqca6421_firmwareqcm6125csr8811_firmwarewsa8810qcn5021qca8085qsm8250snapdragon_8\+_gen_2_mobile_platformqcn6100qca6595ausm7315_firmwarewcd9326_firmwarewsa8840qcs8550_firmwareqca9986_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwareqcf8001wcn3910_firmwaresnapdragon_855\+\/860_mobile_platform_firmwaresdx65mwcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwareipq9570sa8195pqca6335_firmwareqcm6490immersive_home_316_platform_firmwareimmersive_home_3210_platformqcn9274ipq8076a_firmwareipq9570_firmwaresxr2230p_firmwarear9380_firmwaresd675_firmwareqca6430_firmwaresnapdragon_870_5g_mobile_platformipq4029_firmwareqcn9011qcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformwsa8845hsa6150pwcd9326sa8155p_firmwaresnapdragon_675_mobile_platformsnapdragon_662_mobile_platformqcn9074_firmwarevision_intelligence_400_platform_firmwareipq8174sc8180x\+sdx55_firmwaresnapdragon_765_5g_mobile_platformflight_rb5_5g_platform_firmwareipq8174_firmwaresnapdragon_665_mobile_platformar8035ipq8072asa6155qca2065qcm4325robotics_rb5_platformqcn6224sc8180x\+sdx55qca6698aqsnapdragon_7c_gen_2_compute_platformsm6250ssg2125p_firmwaresnapdragon_8c_compute_platform_firmwaresd670sa8145p_firmwaresnapdragon_888\+_5g_mobile_platformsa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwarewcn3990qca6428_firmwareqcn9002ipq8078snapdragon_680_4g_mobile_platform_firmwareqcs6490qcs8250ipq9554_firmwaresnapdragon_712_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwareqca6678aq_firmwareqca8386_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqcc2076_firmwareqca6678aqsnapdragon_675_mobile_platform_firmwareqcn5022_firmwareqca9992sa4150p_firmwareqca9898ipq9008ipq9554qca6564ausm6250p_firmwareimmersive_home_214_platform_firmwaresa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332snapdragon_680_4g_mobile_platformqcn9013ar8031qcm6490_firmwareipq8072a_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformrobotics_rb3_platform_firmwareflight_rb5_5g_platformsnapdragon_xr2_5g_platformqcn6112_firmwareqcs6125snapdragon_7c\+_gen_3_computesnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_670_mobile_platform_firmwareqca8085_firmwareqca9886qcn6132sm6250_firmwareqcn6102snapdragon_780g_5g_mobile_platform_firmwareqca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwaresnapdragon_765_5g_mobile_platform_firmwarewcn6740qfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareimmersive_home_216_platform_firmwareipq8070awcd9380ipq4028qam8255psa6145p_firmwaresa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_4_gen_1_mobile_platformsa8150pqcn9003snapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwareqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca2064sxr1230psd662_firmwareipq6010sw5100aqt1000qam8295p_firmwaresd855wcn3990_firmwaresm7315wcd9385qca9994qsm8350sd662qcs4290sxr1230p_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwareipq4018snapdragon_865\+_5g_mobile_platform_firmwaresm6250psdx55_firmwareipq8071a_firmwareqca6438qca6554a_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_xr2\+_gen_1_platformipq4029sm7325psnapdragon_855_mobile_platform_firmwareaqt1000_firmwareipq4018_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124ipq8074_firmwareqca6595au_firmwareqca0000sw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_782g_mobile_platformqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwareqca6797aqqcn5152ipq8065_firmwarevision_intelligence_400_platformqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_480\+_5g_mobile_platformipq8074aimmersive_home_318_platformsd675sd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391ipq8173_firmwareqcn9012_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresa8295psnapdragon_xr1_platform_firmwarerobotics_rb5_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareipq6000_firmwarefastconnect_7800ipq8078_firmwarewcn3988_firmwareipq8070_firmwareqcn5154sd_8cxwsa8835_firmwaressg2115p_firmwareqcn5022snapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-0751
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.80% / 87.62%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.

Action-Not Available
Vendor-libnids_projectn/aFedora Project
Product-libnidsfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-1999-0052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 76.80%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

Action-Not Available
Vendor-bsdin/absdiOpenBSDFreeBSD Foundation
Product-bsd_osopenbsdfreebsdn/aopenbsdfreebsdbsd_os
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-21404
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 18:02
Updated-03 May, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Denial of Service Vulnerability

.NET Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-asp.net_corevisual_studio_2022.NET 6.0Microsoft Visual Studio 2022 version 17.8.NET 7.0.NET 8.0Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2022 version 17.6
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-0709
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.32% / 84.16%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-35087
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.74%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:50
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewcn3991wsa8830qca8337_firmwarewcd9380_firmwaresd780gqca8337sd865_5gsdx55m_firmwarewcn6856_firmwaresdx65wsa8835wcd9380sd765g_firmwaresd888_5gqca6390_firmwaresd690_5gwcd9370sd690_5g_firmwarewcn6855_firmwarewcn6750wcn3998wcd9385_firmwaresd_8_gen1_5g_firmwarewsa8815wcn6850sd765sd695sd768g_firmwaresdx55_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwaresm7250p_firmwareqca6391sdx55mwcn6740_firmwaresd778gsdx65_firmwareqcs6490qcm6490_firmwaresd480_firmwarewcn6851_firmwarewcn3988_firmwaresd778g_firmwarewsa8810_firmwaresd765gwcd9341_firmwaresd480sd765_firmwaresd870wsa8810wcn6851wcn6855qca8081wcn6856wcd9385wcd9341sd695_firmwaresd768gqcs6490_firmwaresd870_firmwarewcn6740qca6391_firmwareqca6390ar8035wcd9375sd780g_firmwarewcd9370_firmwaresdx55wsa8830_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250psm8475wcn6750_firmwarear8035_firmwareSnapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-20661
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-6.65% / 90.83%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:57
Updated-03 Jun, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 Version 23H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2Windows 10 Version 1507Windows 11 version 22H2Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 11 version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-7052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.55%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.

Action-Not Available
Vendor-irssin/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxirssidebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-7262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 70.46%
||
7 Day CHG~0.00%
Published-19 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora Project
Product-cephfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-20450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.87%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 18:16
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-5304
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.38% / 86.89%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 19:35
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

Action-Not Available
Vendor-libvncserver_projectn/aFedora Project
Product-libvncserverfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-4816
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 77.92%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 13:44
Updated-07 Aug, 2024 | 04:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdFreeBSD and OpenBSD ftpd service
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-6644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.49%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.

Action-Not Available
Vendor-sblim_projectn/a
Product-small_footprint_cim_brokern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-8740
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.04% / 92.30%
||
7 Day CHG~0.00%
Published-17 Mar, 2018 | 00:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

Action-Not Available
Vendor-sqliten/aDebian GNU/Linux
Product-sqlitedebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-23022
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.34%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-7336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.14%
||
7 Day CHG~0.00%
Published-23 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-33056
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 39.05%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer dereference in WLAN Firmware

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqam8255p_firmwarewsa8830qcn9070sxr2230p_firmwareqca8337qam8650pqfw7124ipq8173_firmwarewcn785x-5qam8775pqcf8001qcn6224_firmwareqcn5124qca4024_firmwareqca8082qcn9072qca8386wsa8840immersive_home_318_platform_firmwareipq8078aipq5028_firmwareqca6595au_firmwareipq6000ssg2115pqcn5152_firmwareqca0000_firmwareqca6584au_firmwarewcn685x-1qcn9000_firmwaresnapdragon_8_gen_2_mobile_platformipq9554qca6554a_firmwarewcd9385_firmwareimmersive_home_216_platformipq8076aimmersive_home_316_platformimmersive_home_316_platform_firmwareqca8386_firmwareqcn6024_firmwareqca8084_firmwareimmersive_home_318_platformipq8074aqcn5124_firmwareqca8082_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwareqfw7114wsa8845h_firmwareipq5010qca6564au_firmwareqca6584ausnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareipq8078a_firmwareqcn9274ipq8174ipq5028wsa8840_firmwareqca6698aqqcn5052qca0000qcf8001_firmwareipq6010qcs8550_firmwaresc8380xp_firmwareqcn6112_firmwareqcn9074qca8085sdx65mwcd9340qcn6132qcn6224qcn9013wsa8845hsnapdragon_ar2_gen_1_platform_firmwaresnapdragon_x75_5g_modem-rf_systemwcd9395_firmwareqca8081qcf8000qca6698aq_firmwareipq8071aqcn6023sdx65m_firmwareipq8071a_firmwarewcn685x-1_firmwareimmersive_home_3210_platformqca8085_firmwareqam8775p_firmwareqca9888_firmwareqcn6122wcd9385qca6696_firmwareipq9008_firmwareipq9570qcn5154_firmwareqca6797aqar8035csr8811wcd9390qcc710_firmwareqcn9100_firmwarewsa8830_firmwareipq5010_firmwareipq8074a_firmwarewsa8835_firmwareqcn5022_firmwareimmersive_home_216_platform_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcn785x-1qca8337_firmwarewcd9380_firmwaressg2125pqcn9000ipq8072aqcf8000_firmwareqca6554aipq8076a_firmwareqca6595ipq8078qca6564auqca8084ipq8173qcm8550ipq9008qcn9012qcn5164immersive_home_326_platform_firmwareqcn6122_firmwareqca6574sxr1230p_firmwarewsa8835snapdragon_8\+_gen_2_mobile_platform_firmwarecsr8811_firmwareqcn6274wcd9380ipq9554_firmwareqcn5154qca8075_firmwaressg2125p_firmwareqca6574aqcn5024wcn685x-5_firmwareqca9889qcn6132_firmwaresxr1230pqca9888qcn9012_firmwareqcn5052_firmwareqcn9274_firmwareqcc2076_firmwareipq8070a_firmwareqfw7114_firmwarewsa8845qcc2073_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwarewcd9340_firmwareqcn6112sxr2230pipq8076wsa8845_firmwareqca6574a_firmwareqcn5152ipq6028sc8380xpqcn9024ipq9574_firmwarewcn785x-5_firmwareimmersive_home_3210_platform_firmwareqcn9100qcn6274_firmwaresnapdragon_x65_5g_modem-rf_systemipq8078_firmwareipq9570_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8832_firmwarewcn685x-5ipq6028_firmwareipq8072a_firmwareqca6797aq_firmwarewcn785x-1_firmwareqca6574auqca9889_firmwareipq9574qcn5122qcn9024_firmwareipq8174_firmwaresnapdragon_8\+_gen_2_mobile_platformwsa8832ipq5332_firmwareipq5332sm8550pimmersive_home_326_platformsnapdragon_ar2_gen_1_platformipq6018qcn5022qcn9013_firmwareqam8650p_firmwareqcc710ipq6010_firmwareimmersive_home_214_platformqca6595_firmwarewcd9395qca6696qcs8550immersive_home_214_platform_firmwareqca4024sm8550p_firmwaresdx55qca8075qcn9022_firmwarewcd9390_firmwareqcn6024qcn9022qcc2076ipq8070aqcn9072_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwareqfw7124_firmwareqam8255pqcc2073ar8035_firmwareSnapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-6951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-23.09% / 95.71%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 19:00
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Action-Not Available
Vendor-n/aCanonical Ltd.GNU
Product-patchubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-7285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.46%
||
7 Day CHG~0.00%
Published-22 Feb, 2018 | 00:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-20339
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.78% / 72.70%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:09
Updated-08 Aug, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vulnerability

A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an issue that occurs when TLS traffic is processed. An attacker could exploit this vulnerability by sending certain TLS traffic over IPv4 through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition and impacting traffic to and through the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defense_softwareCisco Firepower Threat Defense Softwarefirepower_threat_defense_software
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-10708
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 78.00%
||
7 Day CHG~0.00%
Published-21 Jan, 2018 | 22:00
Updated-06 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxNetApp, Inc.OpenBSD
Product-ubuntu_linuxclustered_data_ontapdebian_linuxcloud_backupdata_ontapservice_processoropensshdata_ontap_edgestoragegrid_webscalevasa_provideroncommand_unified_managerstoragegridn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-20436
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.72% / 71.57%
||
7 Day CHG+0.17%
Published-25 Sep, 2024 | 16:26
Updated-08 Oct, 2024 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Softwareios_xe
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-6197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.60%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 03:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

Action-Not Available
Vendor-tatsn/aCanonical Ltd.
Product-ubuntu_linuxw3mn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-40779
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-27 Aug, 2025 | 20:23
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kea crash upon interaction between specific client options and subnet selection

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-Kea
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-6343
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-31 Dec, 2018 | 22:00
Updated-06 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00.

Action-Not Available
Vendor-Facebook
Product-proxygenProxygen
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
CVE-2023-46345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.50%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.

Action-Not Available
Vendor-fossiesn/a
Product-catdocn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-11039
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.48%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 13:09
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-8011
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-38.15% / 97.11%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_md, DoS via Coredumps on specially crafted requests

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).

Action-Not Available
Vendor-NetApp, Inc.The Apache Software Foundation
Product-http_servercloud_backupApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-23526
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.59%
||
7 Day CHG~0.00%
Published-15 Dec, 2022 | 00:43
Updated-18 Apr, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Helm contains Denial of service through schema file

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.

Action-Not Available
Vendor-helmhelm
Product-helmhelm
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-2488
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.31% / 78.95%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 19:48
Updated-07 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.

Action-Not Available
Vendor-zncznc
Product-zncznc
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-3048
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.05%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 17:15
Updated-15 Nov, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_personal_communicatorUnified Personal Communicator
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found