Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-62785

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-29 Oct, 2025 | 15:37
Updated At-29 Oct, 2025 | 16:10
Rejected At-
Credits

Wazuh fillData NULL pointer dereference causes analysisd crash

Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.10.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:29 Oct, 2025 | 15:37
Updated At:29 Oct, 2025 | 16:10
Rejected At:
â–¼CVE Numbering Authority (CNA)
Wazuh fillData NULL pointer dereference causes analysisd crash

Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.10.2.

Affected Products
Vendor
Wazuh, Inc.wazuh
Product
wazuh
Versions
Affected
  • < 4.10.2
Problem Types
TypeCWE IDDescription
CWECWE-252CWE-252: Unchecked Return Value
CWECWE-476CWE-476: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-252
Description: CWE-252: Unchecked Return Value
Type: CWE
CWE ID: CWE-476
Description: CWE-476: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/wazuh/wazuh/security/advisories/GHSA-mqpq-pcxc-8259
x_refsource_CONFIRM
https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6
x_refsource_MISC
Hyperlink: https://github.com/wazuh/wazuh/security/advisories/GHSA-mqpq-pcxc-8259
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:29 Oct, 2025 | 16:15
Updated At:03 Nov, 2025 | 19:32

Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.10.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Wazuh, Inc.
wazuh
>>wazuh>>Versions before 4.10.2(exclusive)
cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-252Primarysecurity-advisories@github.com
CWE-476Primarysecurity-advisories@github.com
CWE ID: CWE-252
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-476
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6security-advisories@github.com
Patch
https://github.com/wazuh/wazuh/security/advisories/GHSA-mqpq-pcxc-8259security-advisories@github.com
Exploit
Vendor Advisory
Hyperlink: https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/wazuh/wazuh/security/advisories/GHSA-mqpq-pcxc-8259
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

780Records found
CVE-2021-29295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.07%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:38
Updated-03 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsp-w215dsp-w215_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28904
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.71%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 18:36
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.

Action-Not Available
Vendor-cesnetn/a
Product-libyangn/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-28683
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.40%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 16:34
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

Action-Not Available
Vendor-envoyproxyn/a
Product-envoyn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-29241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.82%
||
7 Day CHG~0.00%
Published-03 May, 2021 | 13:17
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

Action-Not Available
Vendor-n/aCODESYS GmbH
Product-development_systemcontrol_for_pfc200_slcontrol_for_pfc100_slcontrol_runtime_system_toolkitcontrol_for_iot2000_slcontrol_for_raspberry_pi_slcontrol_for_beaglebone_slcontrol_for_empc-a\/imx6_slgatewaycontrol_for_linux_sledge_gatewayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29984
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.04%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 00:00
Updated-08 Nov, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.

Action-Not Available
Vendor-toshibatecfujifilmn/afujifilmtoshibaBrother Industries, Ltd.
Product-mfc-j895dwdcp-t510w\(china\)dcp-l2520dwrdcp-j972nmfc-j5520dwdcp-1617nwdocuprint_p265_dw_firmwaremfc-j5820dndcp-1612we_firmwaremfc-j497dwdcp-j973n-b_firmwaremfc-j898nmfc-j830d\(w\)n_firmwaremfc-j5335dwmfc-l2740dwr_firmwaremfc-j2320mfc-1910wehl-1222wemfc-j895dw_firmwaremfc-j898n_firmwaredcp-l2540dnr_firmwaremfc-j907d\(w\)n_firmwarehl-1218w_firmwaredocuprint_p118_wmfc-l2705dwmfc-j893n_firmwarehl-l2340dwr_firmwaredocuprint_m268_z_firmwaremfc-1911nwhl-l2360dnrdcp-l2560dw_firmwaredcp-1623wr_firmwaremfc-l2740dw\(japan\)mfc-j5620cdwdcp-l8410cdw_firmwaredcp-j587nmfc-j5520dw_firmwaremfc-j4320dwhl-2560dndcp-j981n_firmwaredocuprint_m115_zdocuprint_m115_w_firmwaremfc-j4720n_firmwaremfc-j998dn_firmwaredcp-j963n-bhl-l8260cdndcp-j4220n-bdocuprint_m118_zmfc-j5720cdw\(japan\)_firmwaredcp-l2560dwrhl-l2315dwmfc-l2685dwdocuprint_m115_fw_firmwaredcp-j982n-bmfc-j997d\(w\)nmfc-j903n_firmwaredcp-1612wvb_firmwaremfc-1912wr_firmwaremfc-j893nmfc-l2720dw_firmwaremfc-j5620dwdcp-j587n_firmwaremfc-l9570cdw_firmwaredcp-l2540dw\(japan\)hl-1211w_firmwaredcp-j762ndcp-j572dwdcp-j577ndcp-j582n_firmwaredocuprint_p268_ddcp-j973n-wmfc-l2720dwr_firmwaredocuprint_m115_z_firmwaremfc-j998dwn_firmwaremfc-l2707dwdcp-l2520dw_firmwarehl-l2340dwdcp-j4220n-w_firmwaremfc-t810wmfc-j837d\(w\)n_firmwarehl-1222we_firmwaremfc-j2330dw_firmwaremfc-l9570cdwfax-l2700dn_firmwaredcp-j978n-b_firmwaredocuprint_p118_w_firmwaredocuprint_m225_dw_firmwaredcp-t710w_firmwaredcp-1612wr_firmwaremfc-l8610cdw\(japan\)mfc-j6995cdwmfc-j2320_firmwaredcp-1610wvbmfc-j5730dwdcp-t510whl-l2365dwmfc-j6983cdwdocuprint_p225_d_firmwaredcp-j982n-b_firmwaremfc-l2705dw_firmwaredcp-j978n-wmfc-1910wmfc-1916nwmfc-j6583cdwdcp-l2560dwr_firmwaremfc-l2720dn_firmwaremfc-j900d\(w\)n_firmwaremfc-j880n_firmwarehl-l8360cdwtmfc-1911whl-1223wrdcp-l2541dw_firmwaredocuprint_m268_dw_firmwaremfc-j6535dwmfc-l2701dwdocuprint_m225_z_firmwaredcp-j982n-w_firmwaredocuprint_m225_dwdcp-j4225n-bmfc-l2701dw_firmwaremfc-j2720mfc-j485dwhl-1210wvb_firmwarehl-l9310cdwmfc-1915w_firmwaremfc-l2680w_firmwaredcp-j968n-wmfc-j5920dwhl-1212w_firmwaremfc-j737d\(w\)n_firmwaremfc-l8610cdwdcp-j983nmfc-j5730dw_firmwaremfc-j985dwmfc-l8900cdwmfc-l2685dw_firmwaremfc-j738dwndcp-j772dwmfc-j680dwmfc-j738dn_firmwaredcp-1610wvb_firmwaremfc-j5320dw_firmwaredcp-j972n_firmwaredcp-1618wdcp-j772dw_firmwaredcp-t510w_firmwaredocuprint_p225_dhl-l8360cdwt_firmwaredcp-j4120dwmfc-t810w\(china\)_firmwaremfc-j5625dw_firmwaredcp-j978n-w_firmwaredcp-1610wemfc-l8900cdw_firmwaredcp-l2540dnhl-l8360cdw_firmwaremfc-j5630cdw_firmwaredcp-j973n-bdcp-l8410cdwdcp-1616nwhl-1223wr_firmwarehl-1212wvbhl-1210wvbdcp-j982n-wmfc-j900d\(w\)nmfc-j5930dwhl-l2366dw_firmwarehl-1210wr_firmwaredcp-j962n_firmwaredcp-j963n-w_firmwarehl-l2361dn_firmwaree-studio_302dnfmfc-l9577cdwdcp-1612wrmfc-j5720dw_firmwaremfc-l2720dwrmfc-j6583cdw_firmwaredcp-1610wr_firmwaredcp-1610we_firmwaremfc-l9570cdw\(japan\)mfc-j680dw_firmwaremfc-j491dw_firmwaremfc-j775dwdocuprint_p115_w_firmwarehl-l8360cdwmfc-j491dwmfc-1912wrmfc-j5820dn_firmwaredcp-j978n-bmfc-l2703dw_firmwaredcp-j968n-b_firmwaremfc-j3930dwmfc-j4725n_firmwaremfc-j3930dw_firmwaredcp-1610wrmfc-l2740dw_firmwarehl-1223we_firmwaremfc-j5830dwmfc-j3530dwmfc-j6580cdwmfc-j6930dw_firmwaredcp-j987n-b_firmwarehl-1210w_firmwaredcp-j987n-wdcp-l2540dwdocuprint_m118_z_firmwaremfc-t910dw_firmwaredcp-j968n-w_firmwaredcp-l2540dw\(japan\)_firmwaredcp-j963n-whl-l2340dw_firmwaremfc-j6930dwdcp-1610w_firmwaredcp-l2560dwhl-l2365dw_firmwaredcp-j562dwmfc-j998dnmfc-l2700dwdcp-j983n_firmwaredcp-j785dwdcp-j572ndcp-l2520dwdcp-1616nw_firmwarehl-l2360dndocuprint_p115_wmfc-l2700dw_firmwarehl-1218wdcp-j562dw_firmwaredocuprint_m268_dwmfc-j480dwmfc-j5620cdw_firmwaremfc-j4620dwdcp-j987n-bdcp-j4225n-w_firmwaremfc-j5625dwdcp-t710w\(china\)_firmwaredcp-j562n_firmwaremfc-j990d\(w\)ndcp-1623wrhl-1212we_firmwaremfc-1916nw_firmwaredcp-l2520dwr_firmwaremfc-j6730dw_firmwaredocuprint_m265_zdcp-1618w_firmwaredcp-t710wmfc-j885dwhl-l2315dw_firmwaremfc-l2740dw\(japan\)_firmwaredcp-l2541dwhl-l2365dwrhl-l9310cdw_firmwaremfc-j6530dwdcp-1615nwdcp-7180dn_firmwaredcp-j4225n-b_firmwaredcp-j963n-b_firmwaremfc-j880nhl-l2365dwr_firmwarefax-l2700dndcp-j4220n-wdocuprint_m115_fwmfc-j990d\(w\)n_firmwarehl-1210wrmfc-l2680wmfc-j460dwhl-l2360dw_firmwaredocuprint_m265_z_firmwaredcp-1610wdcp-j567n_firmwaremfc-j2730dw_firmwaremfc-j480dw_firmwaremfc-j5330dwhl-1210wehl-l2305wdcp-j767n_firmwaremfc-j2720_firmwaredcp-l2540dn_firmwarehl-2560dn_firmwaremfc-j3530dw_firmwaredcp-1615nw_firmwaremfc-j5830dw_firmwarehl-l8260cdn_firmwaremfc-j5335dw_firmwaremfc-j887ndocuprint_p265_dwdcp-j4220n-b_firmwaremfc-j5720dwdcp-1617nw_firmwarehl-l2340dwrdcp-1612wmfc-j6983cdw_firmwaredcp-j582nmfc-1911nw_firmwarehl-1210we-studio_301dndcp-j567nhl-l2305w_firmwaremfc-j830d\(w\)ndocuprint_m268_zdcp-1612wedcp-j968n-bhl-1210we_firmwaremfc-j6980cdw_firmwaremfc-j6535dw_firmwaremfc-j890dwdocuprint_m118_w_firmwaredcp-j774dwdcp-t510w\(china\)_firmwaremfc-1910w_firmwaremfc-j2730dwmfc-j5320dwmfc-1910we_firmwaremfc-j997d\(w\)n_firmwarehl-l2360dn_firmwaremfc-j998dwndcp-j572n_firmwaredocuprint_m225_zmfc-7880dn_firmwaremfc-j890dw_firmwaremfc-j5330dw_firmwaredcp-j973n-w_firmwaremfc-j6995cdw_firmwaremfc-j738dwn_firmwaredcp-j987n-w_firmwarehl-l2380dwhl-1212wvb_firmwaremfc-j4320dw_firmwaredcp-j785dw_firmwaremfc-l2703dwmfc-l8610cdw\(japan\)_firmwaredcp-1612wvbdcp-l2540dw_firmwaremfc-1915wmfc-l8690cdw_firmwaredcp-t710w\(china\)mfc-l9577cdw_firmwaremfc-j730d\(w\)nmfc-l2720dnmfc-j737d\(w\)ne-studio_302dnf_firmwarehl-1212wdcp-j762n_firmwaredcp-j4225n-wdocuprint_p268_d_firmwaremfc-j885dw_firmwaremfc-j903nmfc-1919nwmfc-t810w_firmwarehl-l8260cdwmfc-l2700dndocuprint_m118_wdcp-j767nmfc-j4620dw_firmwaremfc-l2700dn_firmwaremfc-j5620dw_firmwaree-studio_301dn_firmwaredcp-1612w_firmwarehl-1211wmfc-j4420dwmfc-j460dw_firmwaredcp-j962nmfc-1911w_firmwaremfc-l2707dw_firmwaremfc-l8690cdwdcp-l2540dnrdcp-j577n_firmwaremfc-j497dw_firmwaremfc-l9570cdw\(japan\)_firmwaremfc-j880dw_firmwarehl-l2360dnr_firmwaredcp-j572dw_firmwaremfc-j5720cdw\(japan\)mfc-j985dw_firmwaremfc-j6730dwmfc-j4720ndcp-j4120dw_firmwaremfc-j5630cdwmfc-j775dw_firmwarehl-1212wr_firmwaremfc-l2740dwrdcp-1622wedcp-j562nmfc-j4725nmfc-l2740dwmfc-t910dwmfc-j837d\(w\)nmfc-j730d\(w\)n_firmwaredocuprint_p268_dwmfc-j880dwmfc-j907d\(w\)nmfc-j6935dw_firmwaremfc-j485dw_firmwaremfc-l2700dnrmfc-j6530dw_firmwaremfc-j5920dw_firmwarehl-1212wemfc-l2700dnr_firmwarehl-l2361dnhl-l2366dwmfc-j4420dw_firmwaredcp-1622we_firmwaremfc-j6935dwdcp-j774dw_firmwaremfc-j4625dw_firmwarehl-l8260cdw_firmwaredocuprint_m115_wmfc-j6980cdwdcp-j981nmfc-t810w\(china\)mfc-j738dnmfc-l2700dwr_firmwaredocuprint_p268_dw_firmwaremfc-j5930dw_firmwaredcp-1623wemfc-j690dw_firmwaremfc-j4625dwmfc-l2720dwmfc-l2700dwrdcp-7180dndcp-1623we_firmwaremfc-j2330dwmfc-l8610cdw_firmwaremfc-j690dwmfc-7880dnhl-l2360dwhl-l2380dw_firmwarehl-1223wemfc-1919nw_firmwaremfc-j6580cdw_firmwaremfc-j887n_firmwarehl-1212wrn/adocuprint_p115_wmfc-j960dwn_firmwaree-studio_301dn_302dnf
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 18:54
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-821dap2kactew-825dap_firmwaretew-755ap2kactew-755ap_firmwaretew-755ap2kac_firmwaretew-825daptew-821dap2kac_firmwaretew-755apn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.31%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 18:36
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.

Action-Not Available
Vendor-cesnetn/a
Product-libyangn/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-28841
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 18:02
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an action ping_test without a ping_ipaddr key.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-821dap2kactew-825dap_firmwaretew-755ap2kactew-755ap_firmwaretew-755ap2kac_firmwaretew-825daptew-821dap2kac_firmwaretew-755apn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 67.26%
||
7 Day CHG~0.00%
Published-13 Mar, 2021 | 19:00
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference.

Action-Not Available
Vendor-spdkn/a
Product-storage_performance_development_kitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28875
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.41%
||
7 Day CHG~0.00%
Published-11 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.

Action-Not Available
Vendor-rust-langn/a
Product-rustn/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-28842
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 18:34
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi via action do_graph_auth without login_name key.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-821dap2kactew-825dap_firmwaretew-755ap2kactew-755ap_firmwaretew-755ap2kac_firmwaretew-825daptew-821dap2kac_firmwaretew-755apn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 08:15
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon.

Action-Not Available
Vendor-fltk_projectn/a
Product-fltkn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-29296
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.57%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:52
Updated-03 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-825_firmwaredir-825n/adir-825
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:13
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-821dap2kactew-825dap_firmwaretew-755ap2kactew-755ap_firmwaretew-755ap2kac_firmwaretew-825daptew-821dap2kac_firmwaretew-755apn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-27953
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.26% / 79.23%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 14:36
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request.

Action-Not Available
Vendor-ecobeen/a
Product-ecobee3_liteecobee3_lite_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-29294
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.57%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:32
Updated-03 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all hardware revisions are considered End of Life and as such this issue will not be patched

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-2740r_firmwaredsl-2740rn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28543
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.92% / 75.74%
||
7 Day CHG~0.00%
Published-16 Mar, 2021 | 14:43
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

Action-Not Available
Vendor-varnish-cachen/aFedora Project
Product-varnish-modulesfedoravarnish-modules_klarlackn/a
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28843
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 18:47
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-821dap2kactew-825dap_firmwaretew-755ap2kactew-755ap_firmwaretew-755ap2kac_firmwaretew-825daptew-821dap2kac_firmwaretew-755apn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 77.29%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 17:23
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-2690_firmwaredap-3662_firmwaredap-2360dap-2690dap-2695_firmwaredap-2330dap-2660dap-2360_firmwaredap-2330_firmwaredap-2310_firmwaredap-3320dap-2695dap-3320_firmwaredap-2310dap-2660_firmwaredap-2553_firmwaredap-2553dap-3662n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.31%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 18:36
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.

Action-Not Available
Vendor-cesnetn/a
Product-libyangn/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-28306
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 08:15
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent.

Action-Not Available
Vendor-fltk_projectn/a
Product-fltkn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28839
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.14%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 17:29
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the strrchr in the upload_certificate function would take NULL as first argument, and incur the NULL pointer dereference vulnerability.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dap-2690_firmwaredap-3662_firmwaredap-2360dap-2690dap-2695_firmwaredap-2330dap-2660dap-2360_firmwaredap-2330_firmwaredap-2310_firmwaredap-3320dap-2695dap-3320_firmwaredap-2310dap-2660_firmwaredap-2553_firmwaredap-2553dap-3662n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-27186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.98%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 21:24
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

Action-Not Available
Vendor-treasuredatan/a
Product-fluent_bitn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-27632
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.13%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_abapSAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-27631
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.13%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_abapSAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-26690
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-63.38% / 98.39%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 07:10
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_session NULL pointer dereference

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

Action-Not Available
Vendor-The Apache Software FoundationFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-27607
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.13%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_abapSAP NetWeaver ABAP Server and ABAP Platform (Dispatcher)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-27944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.30%
||
7 Day CHG~0.00%
Published-06 Aug, 2022 | 19:19
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-pdf_editorwindowspdf_readern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-27630
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.13%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_abapSAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-11273
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.74%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Histogram type KPI was teardown with the assumption of the existence of histogram binning info and will lead to null pointer access when histogram binning info is missing due to lack of null check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qpm5679_firmwareqpm5620_firmwareqdm2307qca6431_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqpa8802qpm6585_firmwareqat3519qbt2000_firmwareqat5522_firmwarepm8150aqtc800hqdm5670sdr8250_firmwareqca6595au_firmwareqpa5581_firmwarepm7150lqpa8821pm8998_firmwareqdm5671qpm4650_firmwareqat3518qpa5580_firmwaresa415mwcn3998smr526_firmwareqdm2305_firmwareqpm5670_firmwareqdm5652sd6905gqca6574au_firmwareqpm8870wcd9375_firmwarewcn3998_firmwareqpm5679qbt2000pm6150aqpm6670_firmwaresdr735gpm8150bqdm3301_firmwareqsm7250pmr735awcd9340sd765gqdm2308_firmwareqca6436wcn6851qpa6560qfs2630_firmwaresdr865qdm5620_firmwarewcd9341qdm4643_firmwareqca6431qca6696_firmwareqln5020sd870_firmwaresd750gqpm5657pm6350qdm5621qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988smb1390qat5516_firmwarepm6150lsd8885gpm855l_firmwareqpa8686_firmwareqpm6585wcn3991wcd9380_firmwaresmb1355qln4650qpa8801sdr735g_firmwareqat5568qet5100qdm5671_firmwareqpa8801_firmwareqca6564aupm8150l_firmwareqat5533_firmwaresdx55m_firmwarewcn6856_firmwarepm8005_firmwareqpa8673_firmwareqet4101_firmwarepm7250bqln4642_firmwareqfs2630qpa8842wcd9380smb1355_firmwarepm7250b_firmwaresmb1380_firmwarepmk8350_firmwaresmb1381sdr735pm7250smb1395qpa8803smr526pmk8003qtc801s_firmwareqdm2301wcd9340_firmwarewsa8815wcn6850qdm5621_firmwareqdm2301_firmwareqca6426_firmwarepm8350_firmwarepm8009sdx55mqca6421_firmwarepm8008pm8350b_firmwareqtm525_firmwareqat3518_firmwarepmi8998sd6905g_firmwareqpm5621_firmwarepm855lqln1021aq_firmwarewcn6851_firmwareqdm5670_firmwareqpa6560_firmwaresd8655gqpa8802_firmwarepm7150a_firmwarepm8150b_firmwareqpm5621qpm6582pm8009_firmwareqdm2310_firmwareqfs2580_firmwaresd480sd870wcn6855sd8885g_firmwarepm8150lpmi8998_firmwareqdm5677pm8005pm855_firmwarepmx60_firmwarepm855b_firmwareqpm6582_firmwareqca6391_firmwarewcd9370_firmwareqln4650_firmwareqat3516_firmwareqpm5875sdx55qet5100mqet4101qat3555_firmwareqat3516qpa8803_firmwareqpm5658pm855bqln1031qpm5658_firmwareqpm5870wcn3991_firmwareqdm5652_firmwarewsa8830qet6110_firmwareqln5030qpa5581qpa2625_firmwarecsrb31024pm8350bh_firmwarepmr735b_firmwarepmx24_firmwareqet5100_firmwareqpm4621qpm5870_firmwareqet6100_firmwareqet6100sd765g_firmwareqpa8686qca6390_firmwaresmb1396pm7150awcd9370pm8350qpa5461_firmwarepm8350c_firmwarepmr525_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqpm5641wcd9385_firmwareqdm5650_firmwaresdxr2_5g_firmwareqat5516pm7250_firmwaresdr845_firmwareqdm5620qln1021aqsmb1380qpa8821_firmwarepm8350bhpmk8002_firmwarepm3003aqln1031_firmwareqdm4650_firmwaresdx55_firmwareqat5533qca6595ausm7250p_firmwareqca6436_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6564au_firmwareqca6584auqdm2305qpm8820qpm4641qat5515_firmwareqln5020_firmwarepm855qpm8830_firmwaresdxr2_5gpm8250smb1398qdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwarewcn3988_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresdr735_firmwarewsa8810_firmwareqpm5677qat5515sd765_firmwareqdm5677_firmwarepm6350_firmwaresdr8150_firmwarewcd9385qtc800h_firmwareqpm5620qln5040_firmwareqpm4630qca6390wcd9375sd750g_firmwareqpa8673qdm2310qln5030_firmwareqln4642qpm5677_firmwarewsa8815_firmwaresmb1396_firmwaresmr525_firmwarepm8998wcn6850_firmwarewsa8835_firmwareqpm8820_firmwareqpm6621_firmwarepmx24qet6110qln5040qpm8895sdr845qpm5670wcn3990pmx55_firmwarepmk8350smb1398_firmwareqpm8830pm8350bqat5522qdm2307_firmwarewsa8835pm8150cpmr735bqpm5657_firmwarepmk8003_firmwareqca6574aqpm4640_firmwarewcn6855_firmwaresmb1390_firmwareqdm5679_firmwarepm8350csmr525qpm4640pm6150l_firmwarepmr525pm8150a_firmwareqet5100m_firmwareqpm4650qtm525qln1036aq_firmwaresd855pm6150a_firmwaresd765qca6574a_firmwareqpm4630_firmwaresd768g_firmwaresdr865_firmwareqat3555pm8250_firmwarepmx60qca6391qpa5461qpm8895_firmwarecsrb31024_firmwaresdr8150qfs2608sd480_firmwareqln1036aqqtc801ssmb1395_firmwareqdm4650qca6574auqpm5641_firmwarepm8008_firmwaresd8655g_firmwarewcd9341_firmwareqpm6621wsa8810pmr735a_firmwareqat5568_firmwareqdm2308wcn6856qdm5679sdr8250sd768gpm3003a_firmwareqca6696smb1381_firmwaresd845_firmwareqpa2625pmk8002sd845sm7250pqpm4621_firmwareqpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-25693
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.73%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 13:20
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference.

Action-Not Available
Vendor-teradicin/a
Product-pcoip_agentn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-36894
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.14%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 04:51
Updated-05 Sep, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-25804
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 76.80%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 16:26
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.

Action-Not Available
Vendor-n/aVideoLAN
Product-vlc_media_playern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-25845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.95%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 10:52
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-vport_06ec-2v42m-ct_firmwarevport_06ec-2v60m-t_firmwarevport_06ec-2v60m-ct-tvport_06ec-2v36m-ct-tvport_06ec-2v80m_firmwarevport_06ec-2v42mvport_06ec-2v42m-ct-tvport_06ec-2v80m-ct-t_firmwarevport_06ec-2v36m-ct-t_firmwarevport_06ec-2v36m-t_firmwarevport_06ec-2v60m-tvport_06ec-2v80m-ctvport_06ec-2v80m-ct-tvport_06ec-2v80mvport_06ec-2v42m-t_firmwarevport_06ec-2v36m-ct_firmwarevport_06ec-2v36m-tvport_06ec-2v60m-ctvport_06ec-2v80m-t_firmwarevport_06ec-2v26m_firmwarevport_06ec-2v60m-ct-t_firmwarevport_06ec-2v80m-ct_firmwarevport_06ec-2v42m-tvport_06ec-2v60m_firmwarevport_06ec-2v26mvport_06ec-2v60mvport_06ec-2v60m-ct_firmwarevport_06ec-2v80m-tvport_06ec-2v42m_firmwarevport_06ec-2v36m-ctvport_06ec-2v42m-ctvport_06ec-2v42m-ct-t_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-25690
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.73%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 15:19
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.

Action-Not Available
Vendor-teradicin/a
Product-pcoip_soft_client- PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-25904
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.71%
||
7 Day CHG~0.00%
Published-22 Jan, 2021 | 09:02
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.

Action-Not Available
Vendor-av-data_projectn/a
Product-av-datan/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-25903
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.71%
||
7 Day CHG~0.00%
Published-22 Jan, 2021 | 09:02
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.

Action-Not Available
Vendor-cache_projectn/a
Product-cachen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-35966
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.53%
||
7 Day CHG-0.01%
Published-22 Jul, 2025 | 15:26
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.

Action-Not Available
Vendor-bloombergBloomberg
Product-comdb2Comdb2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.93%
||
7 Day CHG+0.01%
Published-04 May, 2023 | 00:00
Updated-29 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode.

Action-Not Available
Vendor-emqxn/a
Product-nanomqn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-32414
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.18% / 39.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 00:00
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-393
Return of Wrong Status Code
CVE-2025-32913
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.99% / 76.67%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 13:37
Updated-18 Nov, 2025 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-22792
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.73%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:53
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

Action-Not Available
Vendor-n/a
Product-modicon_m580_bmeh582040modicon_premium_tsxp57_454mmodicon_mc80_bmkc8030311modicon_quantum_140cpu65160modicon_momentum_171cbu98090modicon_premium_tsxp57_1634mmodicon_m580_bmeh582040smodicon_m340_bmxp342010modicon_m580_bmep583020modicon_m580_bmeh584040smodicon_m580_bmeh586040smodicon_m580_bmep586040modicon_mc80_bmkc8020310modicon_m580_bmeh586040modicon_m580_bmep584040modicon_m580_bmep582020modicon_premium_tsxp57_2634mmodicon_quantum_140cpu65160cmodicon_m340_bmxp341000plc_simulator_for_ecostruxure_process_expertmodicon_quantum_140cpu65150cmodicon_quantum_140cpu65150modicon_m580_bmep585040cmodicon_m580_bmep584040smodicon_m580_bmeh582040cmodicon_m580_bmep583040modicon_m580_bmep582040modicon_m580_bmep585040modicon_m580_bmeh584040modicon_premium_tsxp57_4634mmodicon_m580_bmep582040hmodicon_momentum_171cbu78090modicon_premium_tsxp57_5634mmodicon_premium_tsxp57_554mmodicon_m580_bmep584020modicon_mc80_bmkc8020301modicon_m340_bmxp342020modicon_m580_bmep582040smodicon_premium_tsxp57_2834mplc_simulator_for_ecostruxure_control_expertmodicon_m580_bmep581020modicon_m580_bmep586040cmodicon_m580_bmeh586040cmodicon_momentum_171cbu98091modicon_m580_bmep581020hmodicon_m580_bmep582020hmodicon_m580_bmeh584040cmodicon_m340_bmxp342030modicon_premium_tsxp57_6634mModicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-32818
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.34%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 19:24
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

Action-Not Available
Vendor-SonicWall Inc.
Product-SonicOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-23139
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.76%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-32398
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.11%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 07:05
Updated-13 May, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.

Action-Not Available
Vendor-rt-labsRT-Labs
Product-p-netP-Net
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-21702
Matching Score-4
Assigner-PHP Group
ShareView Details
Matching Score-4
Assigner-PHP Group
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 48.21%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 04:10
Updated-16 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null Dereference in SoapClient

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationThe PHP Group
Product-communications_diameter_signaling_routerclustered_data_ontapdebian_linuxphpPHP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2953
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.70%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-10 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Action-Not Available
Vendor-openldapn/aRed Hat, Inc.Apple Inc.NetApp, Inc.
Product-h300smacosh500s_firmwareh410s_firmwareh700s_firmwareh410sh700sh410c_firmwareontap_toolsactive_iq_unified_managerenterprise_linuxh500sh410ch300s_firmwareclustered_data_ontapopenldapopenldap
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29180
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.3||HIGH
EPSS-0.47% / 64.13%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 09:40
Updated-10 Dec, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortiOSFortiProxyfortiosfortiproxy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-20596
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 68.44%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 11:02
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-fx3u-enet_firmwarefx3u-enet-l_firmwarefx3u-enet-p502_firmwareMELSEC-F Series FX3U-ENET; FX3U-ENET-L; FX3U-ENET-P502
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-27786
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.28%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • ...
  • 12
  • 13
  • 14
  • 15
  • 16
  • Next
Details not found