Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-34798

Summary
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At-16 Sep, 2021 | 14:40
Updated At-04 Aug, 2024 | 00:26
Rejected At-
Credits

NULL pointer dereference in httpd core

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apache
Assigner Org ID:f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At:16 Sep, 2021 | 14:40
Updated At:04 Aug, 2024 | 00:26
Rejected At:
▼CVE Numbering Authority (CNA)
NULL pointer dereference in httpd core

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache HTTP Server
Versions
Affected
  • From Apache HTTP Server 2.4 through 2.4.48 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476 NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
unknown
other:
moderate
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
The issue was discovered by the Apache HTTP security team
Timeline
EventDate
2.4.49 released2021-09-16 00:00:00
Event: 2.4.49 released
Date: 2021-09-16 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
http://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
vendor-advisory
x_refsource_FEDORA
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
vendor-advisory
x_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
mailing-list
x_refsource_MLIST
https://www.debian.org/security/2021/dsa-4982
vendor-advisory
x_refsource_DEBIAN
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
vendor-advisory
x_refsource_CISCO
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
https://www.tenable.com/security/tns-2021-17
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20211008-0004/
x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
x_refsource_CONFIRM
https://security.gentoo.org/glsa/202208-20
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://httpd.apache.org/security/vulnerabilities_24.html
Resource:
x_refsource_MISC
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://www.debian.org/security/2021/dsa-4982
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: https://www.oracle.com/security-alerts/cpujan2022.html
Resource:
x_refsource_MISC
Hyperlink: https://www.tenable.com/security/tns-2021-17
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.netapp.com/advisory/ntap-20211008-0004/
Resource:
x_refsource_CONFIRM
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Resource:
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.gentoo.org/glsa/202208-20
Resource:
vendor-advisory
x_refsource_GENTOO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_MISC
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
mailing-list
x_refsource_MLIST
x_transferred
https://www.debian.org/security/2021/dsa-4982
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
vendor-advisory
x_refsource_CISCO
x_transferred
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
x_transferred
https://www.tenable.com/security/tns-2021-17
x_refsource_CONFIRM
x_transferred
https://security.netapp.com/advisory/ntap-20211008-0004/
x_refsource_CONFIRM
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
x_refsource_CONFIRM
x_transferred
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
x_refsource_CONFIRM
x_transferred
https://security.gentoo.org/glsa/202208-20
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://httpd.apache.org/security/vulnerabilities_24.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://www.debian.org/security/2021/dsa-4982
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujan2022.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2021-17
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20211008-0004/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202208-20
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@apache.org
Published At:16 Sep, 2021 | 15:15
Updated At:07 Nov, 2023 | 03:36

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
The Apache Software Foundation
apache
>>http_server>>Versions up to 2.4.48(inclusive)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>cloud_backup>>-
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>clustered_data_ontap>>-
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>storagegrid>>-
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
Tenable, Inc.
tenable
>>tenable.sc>>Versions up to 5.19.1(inclusive)
cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_cloud_native_core_network_function_cloud_native_environment>>1.10.0
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>enterprise_manager_base_platform>>13.4.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>enterprise_manager_base_platform>>13.5.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>http_server>>12.2.1.3.0
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>http_server>>12.2.1.4.0
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>instantis_enterprisetrack>>17.1
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>instantis_enterprisetrack>>17.2
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>instantis_enterprisetrack>>17.3
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>peoplesoft_enterprise_peopletools>>8.58
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>zfs_storage_appliance_kit>>8.8
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Broadcom Inc.
broadcom
>>brocade_fabric_operating_system_firmware>>-
cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_nms>>*
cpe:2.3:a:siemens:ruggedcom_nms:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinec_nms>>*
cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinema_remote_connect_server>>Versions before 3.1(exclusive)
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinema_server>>14.0
cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE-476Secondarysecurity@apache.org
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-476
Type: Secondary
Source: security@apache.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://httpd.apache.org/security/vulnerabilities_24.htmlsecurity@apache.org
Release Notes
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdfsecurity@apache.org
Patch
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10379security@apache.org
Third Party Advisory
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3Esecurity@apache.org
N/A
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3Esecurity@apache.org
N/A
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3Esecurity@apache.org
N/A
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3Esecurity@apache.org
N/A
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.htmlsecurity@apache.org
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/security@apache.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/security@apache.org
N/A
https://security.gentoo.org/glsa/202208-20security@apache.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20211008-0004/security@apache.org
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQsecurity@apache.org
Third Party Advisory
https://www.debian.org/security/2021/dsa-4982security@apache.org
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlsecurity@apache.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.htmlsecurity@apache.org
Patch
Third Party Advisory
https://www.tenable.com/security/tns-2021-17security@apache.org
Third Party Advisory
Hyperlink: http://httpd.apache.org/security/vulnerabilities_24.html
Source: security@apache.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
Source: security@apache.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10379
Source: security@apache.org
Resource:
Third Party Advisory
Hyperlink: https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E
Source: security@apache.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E
Source: security@apache.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E
Source: security@apache.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E
Source: security@apache.org
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
Source: security@apache.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
Source: security@apache.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
Source: security@apache.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202208-20
Source: security@apache.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20211008-0004/
Source: security@apache.org
Resource:
Third Party Advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
Source: security@apache.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2021/dsa-4982
Source: security@apache.org
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Source: security@apache.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpujan2022.html
Source: security@apache.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.tenable.com/security/tns-2021-17
Source: security@apache.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3285Records found
CVE-2016-4450
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.14% / 86.36%
||
7 Day CHG~0.00%
Published-07 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxF5, Inc.Canonical Ltd.
Product-debian_linuxnginxubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2006-2661
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.35% / 92.89%
||
7 Day CHG~0.00%
Published-30 May, 2006 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.

Action-Not Available
Vendor-freetypen/aDebian GNU/LinuxCanonical Ltd.
Product-freetypedebian_linuxubuntu_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12615
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.02% / 83.04%
||
7 Day CHG~0.00%
Published-03 Jun, 2019 | 21:58
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-h610slinux_kernelcn1610hci_management_nodeactive_iq_unified_managerh610s_firmwarecn1610_firmwareaff_a700s_firmwareaff_a700ssolidfiren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-3581
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.94% / 85.90%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_eusenterprise_manager_ops_centerubuntu_linuxenterprise_linux_desktophttp_serverenterprise_linux_server_tuslinuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-21702
Matching Score-10
Assigner-PHP Group
ShareView Details
Matching Score-10
Assigner-PHP Group
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.03%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 04:10
Updated-16 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Dereference in SoapClient

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationThe PHP Group
Product-communications_diameter_signaling_routerclustered_data_ontapdebian_linuxphpPHP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-9708
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.51% / 88.70%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

Action-Not Available
Vendor-embedthisn/aJuniper Networks, Inc.Oracle Corporation
Product-ex4600-vcex4550-vcptx10003_160cex4300-32f-dcex8216ex4650ptx5000ex4600srx5400ex6200mx150ex4550\/vcex4300-24tex4300-vcmx10016appwebex3400mx10008ex2300-csrx110ptx1000ex4300-mpsrx300ex9208t640ex4300-48t-afimx2020ex2300-48tex4300-48mpex3300srx240msrx210srx4600srx340ex4400mx10000ex2300-24tex4300mmxsrx380ex4300-24pptx100016ex4300-48tdc-afisrx3600srx345srx650ex4500-vct320srx550_hmsrx100mx80ex2300-24mpsrx4100mx104mx40enterprise_communications_brokerptx10001-36mrmx960ex4300-48tex9251t4000srx5600ptx10001srx550mmx5ptx10016srx240h2ex4300-48p-ssrx320ptx10003mx10003mx10ptx3000ex2300msrx240mx240srx1400ex2200-cmx204t1600ex9253ex8200ptx10003_80csrx550qfx10000ex9204ex2300-24pex8208ex4500junossrx4000ex4200ex2300-48pex9214ex4300-24t-ssrx5800srx220ex4300-48pptx1000-72qsrx5000ex2300-48mpmx480ex9200ex4300-48mp-sptx10003_81cdex4200-vcsrx3400ptx10002-60cptx10004ex4300-24p-sex4300-48t-dcptx10000ex2200ex4300-32fex4300ex4300-48t-dc-afimx2010ex2300ex8200-vcex9250ex4300-32f-sptx10008ex3300-vcmx2008ex4550ex3200ptx10002srx1500ex4300-48tafiex4300-48t-sex2200-vcsrx4200ex4300-48tdcex6210n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-8011
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-38.15% / 97.11%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_md, DoS via Coredumps on specially crafted requests

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).

Action-Not Available
Vendor-NetApp, Inc.The Apache Software Foundation
Product-http_servercloud_backupApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-3469
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.24% / 90.52%
||
7 Day CHG~0.00%
Published-05 Jun, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

Action-Not Available
Vendor-n/aGNUSUSERed Hat, Inc.Debian GNU/Linux
Product-gnutlsdebian_linuxenterprise_linux_serverenterprise_linux_server_auslinux_enterprise_high_availability_extensionlinux_enterprise_serverenterprise_linux_eusenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_desktoplibtasn1virtualizationlinux_enterprise_software_development_kitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-20299
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.00%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-openexrn/aDebian GNU/Linux
Product-openexrdebian_linuxOpenEXR
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-20296
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.63%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-openexrn/aDebian GNU/Linux
Product-openexrdebian_linuxOpenEXR
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-4412
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 12:44
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slim has NULL pointer dereference when using crypt() method from glibc 2.17

Action-Not Available
Vendor-berliosslimDebian GNU/LinuxGNU
Product-glibcslimdebian_linuxslim
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-2765
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.33% / 88.47%
||
7 Day CHG~0.00%
Published-15 Jul, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

Action-Not Available
Vendor-trustwaven/aThe Apache Software FoundationopenSUSE
Product-http_serveropensusemodsecurityn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-8011
Matching Score-10
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-10
Assigner-CA Technologies - A Broadcom Company
CVSS Score-7.5||HIGH
EPSS-1.25% / 78.48%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 03:11
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.

Action-Not Available
Vendor-Broadcom Inc.
Product-unified_infrastructure_managementCA Unified Infrastructure Management (Nimsoft/UIM)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0458
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-19 Aug, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.

Action-Not Available
Vendor-nicolas_boullisn/aDebian GNU/Linux
Product-mah-jongdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-41358
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.31%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 00:00
Updated-02 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

Action-Not Available
Vendor-frroutingn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorafrroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-7062
Matching Score-10
Assigner-PHP Group
ShareView Details
Matching Score-10
Assigner-PHP Group
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.98%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 20:25
Updated-16 Sep, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Pointer Dereference in PHP Session Upload Progress

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

Action-Not Available
Vendor-Canonical Ltd.openSUSEThe PHP GroupDebian GNU/Linux
Product-ubuntu_linuxphpdebian_linuxleapPHP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-7105
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.29%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 03:36
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectRedis Inc.
Product-debian_linuxfedorahiredisn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-41909
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.88%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 00:00
Updated-02 Aug, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

Action-Not Available
Vendor-frroutingn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorafrroutingn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2002-0401
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.82% / 90.17%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

Action-Not Available
Vendor-etherealn/aDebian GNU/Linux
Product-etherealdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-35680
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.23% / 88.31%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 15:53
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

Action-Not Available
Vendor-opensmtpdn/aFedora Project
Product-opensmtpdfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-0751
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.80% / 87.62%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.

Action-Not Available
Vendor-libnids_projectn/aFedora Project
Product-libnidsfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-3481
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.90% / 87.81%
||
7 Day CHG~0.00%
Published-20 Jul, 2020 | 17:45
Updated-13 Nov, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Software Null Pointer Dereference Vulnerability

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectClamAVCanonical Ltd.Cisco Systems, Inc.
Product-ubuntu_linuxclamavdebian_linuxfedoraClamAV
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-0742
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-77.83% / 98.96%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Apple Inc.Debian GNU/LinuxF5, Inc.Canonical Ltd.
Product-nginxleapubuntu_linuxdebian_linuxxcodesoftware_collectionsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-26521
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.70%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 07:35
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).

Action-Not Available
Vendor-n/aFedora ProjectThe Linux Foundation
Product-nats-serverfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-25692
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.95%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 00:06
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

Action-Not Available
Vendor-openldapn/aRed Hat, Inc.NetApp, Inc.
Product-cloud_backupenterprise_linuxopenldapsolidfire_baseboard_management_controller_firmwaresolidfire_baseboard_management_controlleropenldap
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-25866
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 79.97%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 14:42
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

Action-Not Available
Vendor-n/aWireshark FoundationOracle CorporationFedora ProjectopenSUSE
Product-wiresharkfedorazfs_storage_appliance_kitleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9214
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.08% / 89.39%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-9208
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.38% / 88.55%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-8936
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.16% / 91.83%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 15:37
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTP through 4.2.8p12 has a NULL Pointer Dereference.

Action-Not Available
Vendor-ntpn/aopenSUSENetApp, Inc.Fedora ProjectHewlett Packard Enterprise (HPE)
Product-clustered_data_ontapntpdata_ontapfedorahpux-ntpleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-39351
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.22%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 19:56
Updated-13 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeRDP Null Pointer Dereference leading denial of service

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-FreeRDPFedora ProjectDebian GNU/Linux
Product-freerdpdebian_linuxfedoraFreeRDP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-5010
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-2.44% / 84.56%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 20:05
Updated-04 Aug, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxopenSUSERed Hat, Inc.Python Software Foundation
Product-debian_linuxenterprise_linux_server_ausenterprise_linuxenterprise_linux_eusenterprise_linux_server_tuspythonleapPython
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-3995
Matching Score-10
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-10
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-7.96% / 91.71%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 21:59
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request.

Action-Not Available
Vendor-elog_projectn/aFedora Project
Product-elogfedoraELOG
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19923
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.88% / 94.05%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:43
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19880
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.24% / 93.24%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-enterprise_linux_serversinec_infrastructure_network_servicesdebian_linuxcloud_backupsqlitelinux_enterpriseenterprise_linux_workstationpackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19926
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.11% / 93.19%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:53
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-18976
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.11%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 16:59
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

Action-Not Available
Vendor-n/aDebian GNU/LinuxDigium, Inc.
Product-certified_asteriskasteriskdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19722
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.96% / 75.52%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 16:34
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.

Action-Not Available
Vendor-n/aFedora ProjectDovecot
Product-fedoradovecotn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-18804
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.51% / 84.75%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 05:25
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

Action-Not Available
Vendor-djvulibre_projectn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-djvulibreubuntu_linuxdebian_linuxfedoraleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-28766
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.31%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 09:03
Updated-02 Aug, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_7sx82_firmwaresiprotec_5_7ut85_firmwaresiprotec_5_6md85_firmwaresiprotec_5_7sl82siprotec_5_7sl86siprotec_5_7sx82siprotec_5_7st86_firmwaresiprotec_5_communication_module_ethba2el_firmwaresiprotec_5_7sj81siprotec_5_7sl87siprotec_5_7sj85siprotec_5_7sd82_firmwaresiprotec_5_7sl87_firmwaresiprotec_5_7sk85siprotec_5_7sx85_firmwaresiprotec_5_7ut85siprotec_5_communication_module_ethbb2fosiprotec_5_7sd84siprotec_5_7sj86siprotec_5_7st85siprotec_5_7sk85_firmwaresiprotec_5_7sj82siprotec_5_7sj86_firmwaresiprotec_5_7vu85siprotec_5_7ut87_firmwaresiprotec_5_7ut82_firmwaresiprotec_5_communication_module_ethbd2fosiprotec_5_7vk87siprotec_5_7sa84_firmwaresiprotec_5_6md86siprotec_5_7ut86_firmwaresiprotec_5_7sd87siprotec_5_7um85siprotec_5_6md85siprotec_5_communication_module_ethbd2fo_firmwaresiprotec_5_7st85_firmwaresiprotec_5_7ss85_firmwaresiprotec_5_7ve85_firmwaresiprotec_5_compact_7sx800_firmwaresiprotec_5_7ss85siprotec_5_7um85_firmwaresiprotec_5_7sd84_firmwaresiprotec_5_7sj81_firmwaresiprotec_5_7sk82_firmwaresiprotec_5_7sa86siprotec_5_7sd86_firmwaresiprotec_5_7st86siprotec_5_7sa84siprotec_5_7sa82siprotec_5_7ut82siprotec_5_7sd82siprotec_5_7sd86siprotec_5_7sj85_firmwaresiprotec_5_communication_module_ethbb2fo_firmwaresiprotec_5_7ke85siprotec_5_6md86_firmwaresiprotec_5_7sa86_firmwaresiprotec_5_6mu85_firmwaresiprotec_5_7ut86siprotec_5_7ut87siprotec_5_7sk82siprotec_5_7sj82_firmwaresiprotec_5_7sa82_firmwaresiprotec_5_7sd87_firmwaresiprotec_5_communication_module_ethba2elsiprotec_5_7ve85siprotec_5_7sa87siprotec_5_6md89siprotec_5_7sx85siprotec_5_6md89_firmwaresiprotec_5_7vk87_firmwaresiprotec_5_7sl86_firmwaresiprotec_5_7vu85_firmwaresiprotec_5_7sl82_firmwaresiprotec_5_7sa87_firmwaresiprotec_5_6mu85siprotec_5_compact_7sx800siprotec_5_7ke85_firmwareSIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 Communication Module ETH-BD-2FOSIPROTEC 5 7UT85 (CP300)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 Communication Module ETH-BB-2FOSIPROTEC 5 6MD85 (CP300)SIPROTEC 5 Communication Module ETH-BA-2ELSIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7SJ82 (CP150)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3354
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.57%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 16:16
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.QEMUFedora Project
Product-openstack_platformqemufedoraenterprise_linuxRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8 Advanced VirtualizationExtra Packages for Enterprise LinuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat OpenStack Platform 13 (Queens)FedoraqemuRed Hat Enterprise Linux 8
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32248
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.88%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-02 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tree connection null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410sh410ch300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-32252
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.71%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-27 Aug, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Session null pointer dereference denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelh500sh410s_firmwareh700s_firmwareh300s_firmwareh500s_firmwareh410c_firmwareh410sh410ch300sh700sRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-14493
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.66%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 16:05
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.

Action-Not Available
Vendor-opencvn/aDebian GNU/Linux
Product-debian_linuxopencvn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12259
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-30.05% / 96.49%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 18:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

Action-Not Available
Vendor-windriverbeldenn/aSiemens AGSonicWall Inc.
Product-hirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018hirschmann_grs10429410_power_meter_firmwareruggedcom_win7000siprotec_5_firmwareruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwarevxworkshirschmann_msp40hirschmann_octopus_os39810_power_meterhirschmann_rsp309410_power_meter9810_power_meter_firmwarehirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12111
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 76.40%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:23
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.

Action-Not Available
Vendor-miniupnp_projectn/aDebian GNU/Linux
Product-debian_linuxminiupnpdn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12412
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.45% / 84.58%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 23:16
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-libapreq2libapreq2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12482
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.03%
||
7 Day CHG~0.00%
Published-30 May, 2019 | 22:40
Updated-14 Mar, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-debian_linuxgpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-11494
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.07%
||
7 Day CHG~0.00%
Published-08 May, 2019 | 17:04
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

Action-Not Available
Vendor-n/aFedora ProjectopenSUSEDovecot
Product-fedoradovecotleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-10901
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.63% / 92.06%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 03:53
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxCanonical Ltd.Fedora ProjectopenSUSE
Product-ubuntu_linuxdebian_linuxfedorawiresharkleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-11810
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 79.98%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 13:04
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 65
  • 66
  • Next
Details not found