Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-62785

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-29 Oct, 2025 | 15:37
Updated At-29 Oct, 2025 | 16:10
Rejected At-
Credits

Wazuh fillData NULL pointer dereference causes analysisd crash

Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.10.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:29 Oct, 2025 | 15:37
Updated At:29 Oct, 2025 | 16:10
Rejected At:
â–¼CVE Numbering Authority (CNA)
Wazuh fillData NULL pointer dereference causes analysisd crash

Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.10.2.

Affected Products
Vendor
Wazuh, Inc.wazuh
Product
wazuh
Versions
Affected
  • < 4.10.2
Problem Types
TypeCWE IDDescription
CWECWE-252CWE-252: Unchecked Return Value
CWECWE-476CWE-476: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-252
Description: CWE-252: Unchecked Return Value
Type: CWE
CWE ID: CWE-476
Description: CWE-476: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/wazuh/wazuh/security/advisories/GHSA-mqpq-pcxc-8259
x_refsource_CONFIRM
https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6
x_refsource_MISC
Hyperlink: https://github.com/wazuh/wazuh/security/advisories/GHSA-mqpq-pcxc-8259
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:29 Oct, 2025 | 16:15
Updated At:03 Nov, 2025 | 19:32

Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.10.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Wazuh, Inc.
wazuh
>>wazuh>>Versions before 4.10.2(exclusive)
cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-252Primarysecurity-advisories@github.com
CWE-476Primarysecurity-advisories@github.com
CWE ID: CWE-252
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-476
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6security-advisories@github.com
Patch
https://github.com/wazuh/wazuh/security/advisories/GHSA-mqpq-pcxc-8259security-advisories@github.com
Exploit
Vendor Advisory
Hyperlink: https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/wazuh/wazuh/security/advisories/GHSA-mqpq-pcxc-8259
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

780Records found
CVE-2021-20299
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.03% / 77.11%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-openexrn/aDebian GNU/Linux
Product-openexrdebian_linuxOpenEXR
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-20274
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.69% / 71.69%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 13:11
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.

Action-Not Available
Vendor-privoxyn/a
Product-privoxyprivoxy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-28625
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.16%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 13:19
Updated-10 Apr, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.

Action-Not Available
Vendor-openidcOpenIDC
Product-mod_auth_openidcmod_auth_openidc
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-27784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.98%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-1936
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.74%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 06:31
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference can occur due to lack of null check for user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sd678sa6150p_firmwaresm6250p_firmwaresa8145p_firmwareqcs610sm7250qcs2290_firmwaresm7250_firmwareqca6431_firmwaresd_636qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwaresa6155qca6335msm8917sd690_5gsd730_firmwaresd_455_firmwarewcd9370qcs605_firmwaresd_675_firmwaresd675_firmwareqca6564qcs6125_firmwareqca6426sd632wcn3998sdw2500_firmwarewcd9371_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950sm4125sd720gwcn3615_firmwarewcn3660bsd450_firmwaresd662sd460_firmwaresa8155qca6320_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3615msm8909wwcn3998_firmwareapq8009w_firmwareqca6420qca6436_firmwareapq8053_firmwarewcn3610_firmwareqca6564au_firmwaresd778gsa6155p_firmwareqca6310pm8937qcs6490sd429sdxr2_5gqcs6125sa8155_firmwaresd662_firmwaresdm630wcn3988_firmwareqca6430sa6145p_firmwaresd205qca6421sd429_firmwaresd778g_firmwaresm6250sa8195papq8017_firmwarequalcomm215_firmwaresd765gsd765_firmwareqca6436wcn6851sa6155pqcs603_firmwaremsm8937qcs4290_firmwarewcd9385wcn3660_firmwarepm8937_firmwareqca6431qca6696_firmwareqcs6490_firmwarewcd9371sd750gsd870_firmwareqca6390wcd9375sd750g_firmwareaqt1000apq8064ausa8150psm6250_firmwarewcn3910_firmwaremsm8953_firmwarewsa8830_firmwaresda429wmsm8917_firmwaresd210sd855_firmwaresd865_5g_firmwarewcn3620_firmwareqcm6490sd888_5g_firmwarewcn3988wcn3620wcn6850_firmwarewsa8835_firmwaresa8195p_firmwareapq8017qca6564awcn6750_firmwaresd450wcn3610qcm6125_firmwareqcm2290_firmwarewcn3991sda429w_firmwarewcd9380_firmwaresd_675sdm429wmsm8996au_firmwaresd780gsd865_5gqca6595qca6564ausdx55m_firmwarewcn6856_firmwaresd888msm8909w_firmwareqca6574msm8996ausd632_firmwaresdm429w_firmwaresd665_firmwarewsa8835wcd9380sd888_5gsm6250pqualcomm215qca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwareqca6310_firmwaresm7325qca6430_firmwarewcn6750sd439_firmwareqca6335_firmwareqca6574_firmwareqcs605sd855sm4125_firmwarewcn6850sd665wcn3910qca6320msm8937_firmwaresd765qca6426_firmwarewcn3660b_firmwarewcn3680qca6574a_firmwaresd768g_firmwaresd460qca6391sd730sdx55msdxr1_firmwareqca6421_firmwareaqt1000_firmwarewcn6740_firmwaremsm8953sd678_firmwareapq8064au_firmwareqcm4290qcm6490_firmwaresdx50mwcn3680_firmwaresd480_firmwareqcs603wcn6851_firmwaresd_455qca6574ausa8155p_firmwaresd_636_firmwaresd205_firmwareqca6564a_firmwareapq8009wqcm6125qcm4290_firmwaresd480sd870wcn6855sd210_firmwareqcs610_firmwarewcn6856sa6145pwcn3680bqca6564_firmwaresdxr1sd768gapq8096auqca6595_firmwaresa8145pwcn6740qca6696sdm630_firmwareqca6391_firmwaresd845_firmwaresd780g_firmwarewcd9370_firmwaresa6150psd888_firmwaresdw2500apq8053apq8096au_firmwaresa8155psd675sd845sdx55sd439sd720g_firmwarewcn3660qcm2290sm7325_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-20213
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.26% / 79.25%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 18:57
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.

Action-Not Available
Vendor-privoxyn/a
Product-privoxyprivoxy
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-0555
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.65%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 10:56
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179161711

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-9327
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.82%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 21:25
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Oracle CorporationCanonical Ltd.Siemens AG
Product-sinec_infrastructure_network_servicesubuntu_linuxcommunications_messaging_servercloud_backupsqlitecommunications_network_charging_and_controlzfs_storage_appliance_kitoutside_in_technologyhyperion_infrastructure_technologyenterprise_manager_ops_centermysql_workbenchn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-9385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.11%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 23:14
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.

Action-Not Available
Vendor-zintn/a
Product-zintn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-7731
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.31%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 16:10
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS)

This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

Action-Not Available
Vendor-gosaml2_projectn/a
Product-gosaml2github.com/russellhaering/gosaml2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-7711
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.85%
||
7 Day CHG~0.00%
Published-23 Aug, 2020 | 13:35
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS)

This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

Action-Not Available
Vendor-goxmldsig_projectn/a
Product-goxmldsiggithub.com/russellhaering/goxmldsig
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30645
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-8.7||HIGH
EPSS-0.40% / 60.59%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 19:52
Updated-26 Jan, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Transmission of specific control traffic sent out of a DS-Lite tunnel results in flowd crash

A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).  Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts. This issue affects Junos OS on SRX Series: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx4200srx5600srx4700srx4100srx1500srx300srx340srx5400junossrx320srx4600srx5800srx4120srx4300srx2300srx380srx1600Junos OS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-2617
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.09%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 05:31
Updated-27 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.

Action-Not Available
Vendor-opencvOpenCV
Product-opencvwechat_qrcode Module
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25676
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.86%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:10
Updated-19 Feb, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has null dereference on ParallelConcat with XLA

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-26213
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 59.71%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 16:45
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in teler

In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1.

Action-Not Available
Vendor-teler_projectkitabisa
Product-telerteler
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25665
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.74%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:39
Updated-19 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in SparseSparseMaximum

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25670
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.86%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:32
Updated-19 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-8011
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-7.5||HIGH
EPSS-1.25% / 79.14%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 03:11
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.

Action-Not Available
Vendor-Broadcom Inc.
Product-unified_infrastructure_managementCA Unified Infrastructure Management (Nimsoft/UIM)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 19:09
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS).

Action-Not Available
Vendor-dhrystone_projectn/a
Product-dhrystonen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5597
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.78%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 08:05
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-got2000_gt27got2000_gt23coreosgot2000_gt25GOT2000 series GT27, GT25, and GT23
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24818
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.32%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 14:23
Updated-04 Feb, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RIOT-OS vulnerable to null pointer dereference during fragment forwarding

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.

Action-Not Available
Vendor-riot-osRIOT-OS
Product-riotRIOT
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5762
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-1.37% / 80.04%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 18:51
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.

Action-Not Available
Vendor-grandstreamn/a
Product-ht812_firmwareht813ht802ht813_firmwareht802_firmwareht801ht818ht814ht818_firmwareht801_firmwareht814_firmwareht812Grandstream HT800 Series
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 76.37%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 17:19
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.

Action-Not Available
Vendor-ftpgettern/a
Product-ftpgettern/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24832
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 45.07%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 21:24
Updated-21 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

Action-Not Available
Vendor-Facebook
Product-hermesHermes
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5655
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.23%
||
7 Day CHG~0.00%
Published-30 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-melsec_iq-rd81opc96melsec_iq-rd81dl96_firmwaremelsec_iq-rd81dl96melsec_iq-rj71pn92melsec_iq-rd81mes96n_firmwaremelsec_iq-rd81mes96nmelsec_iq-rj71eip91_firmwaremelsec_iq-rj71eip91melsec_iq-rd81opc96_firmwaremelsec_iq-rj71pn92_firmwareMELSEC iQ-R series
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24940
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.83% / 87.96%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:02
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-21683
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-34.28% / 96.92%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-29652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.56%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 04:12
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

Action-Not Available
Vendor-n/aGo
Product-sshn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-27279
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.59%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 15:03
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).

Action-Not Available
Vendor-redlionn/a
Product-crimsonCrimson 3.1
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-25821
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.59%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 03:12
Updated-04 Aug, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-peg-markdown_projectn/a
Product-peg-markdownn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-24369
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 68.42%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 16:06
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.

Action-Not Available
Vendor-luan/a
Product-luan/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.27%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 16:45
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8723dertl8723de_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 21:27
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 21:27
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DescriptorListWriter::Action component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0216
Matching Score-4
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-4
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.12% / 78.08%
||
7 Day CHG+0.29%
Published-08 Feb, 2023 | 19:03
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invalid pointer dereference in d2i_PKCS7 functions

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

Action-Not Available
Vendor-stormshieldOpenSSL
Product-stormshield_management_centeropensslOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-18730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.71%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 20:07
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).

Action-Not Available
Vendor-iec104_projectn/a
Product-iec104n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-0122
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.85%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 00:00
Updated-04 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-15689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 13:48
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.

Action-Not Available
Vendor-embedthisn/a
Product-appwebn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-14397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.44% / 88.88%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13578
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.01%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 00:00
Updated-19 Nov, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-genivian/aFedora Project
Product-gsoapfedoraGenivia
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13934
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.08% / 90.63%
||
7 Day CHG-17.77%
Published-14 Jul, 2020 | 14:59
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationNetApp, Inc.openSUSEDebian GNU/LinuxOracle Corporation
Product-ubuntu_linuxdebian_linuxcommunications_instant_messaging_servermysql_enterprise_monitorinstantis_enterprisetracksiebel_ui_frameworkoncommand_system_managertomcatagile_engineering_data_managementagile_plmfmw_platformmanaged_file_transferworkload_managerleapApache Tomcat
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-12845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.12% / 92.05%
||
7 Day CHG~0.00%
Published-27 Jul, 2020 | 22:56
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.

Action-Not Available
Vendor-cherokee-projectn/a
Product-cherokeen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13950
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-19.46% / 95.30%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 07:10
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_proxy_http NULL pointer dereference

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

Action-Not Available
Vendor-The Apache Software FoundationFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13574
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.01%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 00:00
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-genivian/aFedora Project
Product-gsoapfedoraGenivia
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-25663
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.12%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:40
Updated-19 Feb, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TensorFlow has Null Pointer Error in TensorArrayConcatV2

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Action-Not Available
Vendor-TensorFlowGoogle LLC
Product-tensorflowtensorflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-28344
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.95%
||
7 Day CHG~0.00%
Published-08 Nov, 2020 | 04:04
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-3194
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-56.82% / 98.09%
||
7 Day CHG-3.74%
Published-06 Dec, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)OpenSSLDebian GNU/LinuxCanonical Ltd.
Product-openssldebian_linuxubuntu_linuxnode.jsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24847
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.39%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer Dereference in Modem

Transient DOS in Modem while allocating DSM items.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwaresnapdragon_x20_lte_modemsd865_5gsnapdragon_xr1_platformipq6028_firmwareimmersive_home_214_platformqca8081_firmwaresm7250-absnapdragon_x50_5g_modem-rf_systemwcd9340_firmwarewcd9395_firmwareqcn6024qcc710_firmwareqca6426sc8180x-abfastconnect_6700qcn5124_firmwaresm7325-ae_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395qcn7605snapdragon_460_mobile_platformqca6574au_firmwareqcn7606_firmwareipq8078a_firmwarewcd9341snapdragon_x12_lte_modemwsa8810_firmwaresd730_firmwarewsa8845h_firmwaresnapdragon_835_mobile_pc_platform_firmwarefastconnect_6800_firmwaresm8150-acfsm10055sd835_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresm7150-acsnapdragon_4_gen_1_mobile_platform_firmwarevideo_collaboration_vc1_platform_firmwareqcn9000sm7250-aa_firmwaresnapdragon_695_5g_mobile_platform_firmwaresc8180xp-acvideo_collaboration_vc1_platformwcd9385_firmwareqca6421qca6310snapdragon_630_mobile_platformipq8074a_firmwareipq8076awcd9360snapdragon_8_gen_1_mobile_platform_firmwaresa6155psm7150-ac_firmwareqca6564au_firmwareqca8075sa6155p_firmwaresd835qca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformipq8070a_firmwareqcn5021_firmwareqcn9070sc8180x-afsnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresm8250-ac_firmwareqca6420wcn3910csrb31024snapdragon_x70_modem-rf_system_firmwaresnapdragon_845_mobile_platformmdm9250_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_660_mobile_platformqca6574asm7325-aeqca6174awcd9340snapdragon_630_mobile_platform_firmwareqcm2290qdu1210sm6150-acsc8180xp-aa_firmwareqcn5154_firmwaresm8150-ac_firmwaresm8550p_firmwareqcm8550snapdragon_x20_lte_modem_firmwarewcn3988qcn5122_firmwarepmp8074qcn9024snapdragon_460_mobile_platform_firmwareqca6574sm7325-afsnapdragon_x75_5g_modem-rf_systemsdx57msc8180xp-ac_firmwareqcs410qcm2290_firmwaresa8155pqca8072_firmwarewsa8830sm8550psa6145psnapdragon_8\+_gen_1_mobile_platform_firmwareipq8071awcn3950_firmwaresnapdragon_8_gen_1_mobile_platformsc7180-acfastconnect_6200snapdragon_710_mobile_platformsm7325p_firmwaresd460wcd9360_firmwareqdx1011smart_audio_400_platformvideo_collaboration_vc3_platform_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwaresnapdragon_750g_5g_mobile_platformqcn9072sm7150-aaqcn6224_firmwareqca6431sd660_firmwaresdx57m_firmwaresxr2130_firmwarear8035_firmwaresnapdragon_888_5g_mobile_platformsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320qca4024_firmwaresd888_firmwaresnapdragon_712_mobile_platformsnapdragon_662_mobile_platform_firmwareqcs6125_firmwareipq8070qcn9074wsa8815_firmwaresm8250-abqca8337_firmwaresnapdragon_x12_lte_modem_firmwareipq8173sm8350-ac_firmwaresm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_x65_5g_modem-rf_system_firmwareqcn9070_firmwaresnapdragon_780g_5g_mobile_platformsnapdragon_710_mobile_platform_firmwaresd_675_firmwaresnapdragon_720g_mobile_platformqca9984ipq5010_firmwareqcn9022_firmwaresm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresm7150-aa_firmwaresnapdragon_845_mobile_platform_firmwaresd888fsm10055_firmwareqru1062_firmwaresd460_firmwaresnapdragon_4_gen_2_mobile_platformqru1062qca6310_firmwarefastconnect_6800sm8250-acwcd9371fastconnect_6900_firmwaresc8180xp-aasnapdragon_xr2_5g_platform_firmwareqca8075_firmwarevision_intelligence_300_platform_firmwaresnapdragon_835_mobile_pc_platformvideo_collaboration_vc3_platformsnapdragon_865_5g_mobile_platform_firmwareqca6431_firmwareqca6698aq_firmwareqcs2290qcn7606qcs2290_firmwarewcn3999_firmwareqcn7605_firmwaresnapdragon_720g_mobile_platform_firmwarewcd9390_firmwareimmersive_home_318_platform_firmwaresc8180xp-abqcn5024snapdragon_690_5g_mobile_platformqca6430qdx1011_firmwaresc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfsm7250-ab_firmwareqru1052csra6640_firmwareqca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwarewcn3980_firmwareqca6436snapdragon_x24_lte_modem_firmwarewsa8835qca6391_firmwarewsa8840_firmwareqdu1010_firmwareqcs4290_firmwaresnapdragon_865_5g_mobile_platformcsra6620qca8081sd660wsa8815qca9377qcm4325_firmwareqcm4290_firmwareqca9888_firmwareqca9889qcn5024_firmwareipq5010smart_audio_400_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresg4150p_firmwaresnapdragon_480_5g_mobile_platformqru1052_firmwaresnapdragon_670_mobile_platformcsra6620_firmwaresc8180xp-af_firmwareqcs8550sd865_5g_firmwarepmp8074_firmwaresc7180-ad_firmwarewcd9375qca9889_firmwaresa8145psd_675immersive_home_316_platformsm4350-ac_firmwarecsr8811sc7180-ac_firmwaresm7250-ac_firmwareqdx1010qcm8550_firmwareqcs410_firmwaresa6150p_firmwaresw5100psxr1120qcn9000_firmwarevision_intelligence_300_platformqcn9022qcs610_firmwarewcd9335wcd9370qca8072qca6696wcd9341_firmwareipq8076wcn6740_firmwareipq6018_firmwareqca9984_firmwareqcn6023immersive_home_216_platformqdu1110snapdragon_auto_4g_modemipq8078aqca6574auwcd9390csra6640sc8180x-af_firmwareqcn9100_firmwareqcn5122sd730qcn6024_firmwaresnapdragon_695_5g_mobile_platformqcm6125_firmwarec-v2x_9150qcc710snapdragon_850_mobile_compute_platformsxr1120_firmwareqcn5054robotics_rb3_platform315_5g_iot_modem_firmwarefastconnect_6900qru1032_firmwareqcn5052qfw7114315_5g_iot_modemsnapdragon_x55_5g_modem-rf_systemsa8155_firmwaresm7150-abqcn5164snapdragon_888_5g_mobile_platform_firmwareqca6335qcs4490sc7180-adsc8180xp-afmdm9250snapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845qca6421_firmwareqcm6125sc8180x-adcsr8811_firmwarewsa8810qcn5021qdu1000_firmwaresnapdragon_8\+_gen_2_mobile_platformsm8350-acqca6595ausm7315_firmwareqdu1010wcd9326_firmwarewsa8840qcs8550_firmwareqdu1210_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwarewcn3910_firmwarewcd9370_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqdu1110_firmwareqdu1000sa8195pqca6335_firmwareqcm6490immersive_home_316_platform_firmwareipq8076a_firmwaresd675_firmwareqca6430_firmwaresc8180x-aaqcn9024_firmwarewsa8845hsa6150psm7250-aawcd9326sa8155p_firmwareqca6564asnapdragon_675_mobile_platformsnapdragon_662_mobile_platformqcn9074_firmwarevision_intelligence_400_platform_firmwareipq8174sc8180x\+sdx55_firmwareipq8174_firmwaresnapdragon_665_mobile_platformar8035ipq8072asa6155qcm4325qcn6224sc8180x\+sdx55qca6698aqsm6250sm7250-acsc8180x-aa_firmwaresd670sa8145p_firmwaresa8150p_firmwaresnapdragon_w5\+_gen_1_wearable_platformfastconnect_6700_firmwaresnapdragon_636_mobile_platform_firmwarewcn3990snapdragon_680_4g_mobile_platform_firmwareipq8078qcs6490snapdragon_712_mobile_platform_firmwarefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwaresnapdragon_850_mobile_compute_platform_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwaresnapdragon_675_mobile_platform_firmwareqcn5022_firmwaresm8250-ab_firmwareqca6564ausc8180xp-adsm6250p_firmwareimmersive_home_214_platform_firmwaresm7325-af_firmwaresa8195p_firmwareqcm4290qcn5054_firmwareqca9888snapdragon_680_4g_mobile_platformsd_455_firmwarear8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwareipq8072a_firmwaresm4125qcm4490_firmwaresnapdragon_855_mobile_platformqru1032robotics_rb3_platform_firmwaresnapdragon_xr2_5g_platformqcs6125snapdragon_7c\+_gen_3_computesnapdragon_670_mobile_platform_firmwaresd_455sm6250_firmwaresc8180x-ad_firmwaresnapdragon_780g_5g_mobile_platform_firmwareqcn6274_firmwareqca6320_firmwaresw5100_firmwarewcn6740sm6225-ad_firmwareqfw7114_firmwareqca4024fastconnect_7800_firmwareimmersive_home_216_platform_firmwareipq8070awcd9380sa6145p_firmwaresa6155_firmwaresnapdragon_4_gen_1_mobile_platformsa8150psnapdragon_778g_5g_mobile_platformsnapdragon_665_mobile_platform_firmwaresnapdragon_x24_lte_modemqcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwaresm6225-adsd662_firmwaresm4350-acipq6010sw5100aqt1000c-v2x_9150_firmwaresd855sc8180x-ab_firmwarewcn3990_firmwaresm7315qca6564a_firmwarewcd9385sc8180xp-ab_firmwaresd662qcs4290sg8275psm6250psdx55_firmwareipq8071a_firmwaresxr2130ipq6028qcm4490snapdragon_636_mobile_platformqcn9100sm7150-ab_firmwareqca6174a_firmwaresm7325psnapdragon_855_mobile_platform_firmwareaqt1000_firmwaresm6150-ac_firmwareqcn5152_firmwaresc8180x-acqcn6274snapdragon_480_5g_mobile_platform_firmwareqfw7124qca6595au_firmwaresc8180x-ac_firmwaresw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150pqcn5124qcn5152vision_intelligence_400_platformqca6574a_firmwaresdx55qcn9072_firmwareipq8074aimmersive_home_318_platformsd675wcd9375_firmwareqca6391snapdragon_x70_modem-rf_systemipq8173_firmwareqcn9012_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_xr1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarefastconnect_7800ipq8078_firmwarewcn3988_firmwareipq8070_firmwareqcn5154sd_8cxwsa8835_firmwareqcn5022snapdragon_660_mobile_platform_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_690_5g_mobile_platform_firmwareqcs610Snapdragonqcn5024_firmwareqca9377_firmwaresnapdragon_850_mobile_compute_platform_firmwaresnapdragon_662_mobile_platform_firmwaresa6150p_firmwaresm6250p_firmwaresa8145p_firmware315_5g_iot_modem_firmwareqcs2290_firmwaresnapdragon_x24_lte_modem_firmwaresg8275p_firmwareipq8173_firmwareqca6431_firmwarewcd9360_firmwarefsm10055_firmwareqcn6224_firmwareqca4024_firmwaresnapdragon_x20_lte_modem_firmwareimmersive_home_318_platform_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwaresd730_firmwaresnapdragon_auto_4g_modem_firmwaresd_455_firmwarecsra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqcn5152_firmwareqcs6125_firmwaresnapdragon_460_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcn3990_firmwareqcn9000_firmwareqca9984_firmwarequalcomm_video_collaboration_vc3_platform_firmwaresd_8cx_firmwarewcd9371_firmwarewcd9385_firmwareqcn6024_firmwarewcd9326_firmwareimmersive_home_316_platform_firmwaresnapdragon_660_mobile_platform_firmwareqcn5124_firmwaresd460_firmwaresm7315_firmwareqca6320_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwaresnapdragon_835_mobile_pc_platform_firmwareqca8081_firmwareqcn6023_firmwaresa6155_firmwaresm7250p_firmwarewcd9375_firmwarewcn3999_firmwarewsa8845h_firmwareqca6436_firmwaresnapdragon_680_4g_mobile_platform_firmwareqca6564au_firmwaresnapdragon_auto_5g_modem-rf_firmwareipq8070_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareipq8078a_firmwaresmart_audio_400_platform_firmwaresnapdragon_x70_modem-rf_system_firmwarewsa8840_firmwaresa8155_firmwarerobotics_rb3_platform_firmwareqcs8550_firmwaresd662_firmwarevision_intelligence_300_platform_firmwarewcn3988_firmwareqru1062_firmwaresa6145p_firmwarefastconnect_6700_firmwarewsa8810_firmwarewcd9395_firmwareqdu1000_firmwareqca6698aq_firmwareqca6174a_firmwareipq8071a_firmwaremdm9250_firmwareqcs4290_firmwareqca9888_firmwaresxr2130_firmwareqca6696_firmwareqcs6490_firmwaresnapdragon_x12_lte_modem_firmwareqcn5154_firmwaresnapdragon_665_mobile_platform_firmwareqru1052_firmwarewcn3910_firmwaresnapdragon_855_mobile_platform_firmwaresm6250_firmwareqcc710_firmwareqcn9100_firmwaresnapdragon_712_mobile_platform_firmwarevision_intelligence_400_platform_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwaresd660_firmwaresnapdragon_636_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarefastconnect_6800_firmwareqcn5022_firmwareqcn7606_firmwaresxr1120_firmwareimmersive_home_216_platform_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqcm6125_firmwaresnapdragon_675_mobile_platform_firmwareqcm2290_firmwarequalcomm_video_collaboration_vc1_platform_firmwareqca8337_firmwarewcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwareipq8076a_firmwareqdu1010_firmwaresnapdragon_670_mobile_platform_firmwaresd670_firmwareqdu1110_firmwarecsr8811_firmwareqcn5054_firmwaresnapdragon_4_gen_1_mobile_platform_firmwareqca8075_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarec-v2x_9150_firmwareqca6310_firmwareqca8072_firmwareqca6430_firmwareqcn5052_firmwareqcn9012_firmwareqfw7114_firmwareipq8070a_firmwarewcd9335_firmwareqca6335_firmwareipq6018_firmwareipq8076_firmwareqcm4325_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwaresm7325p_firmwarepmp8074_firmwaresdx57m_firmwareqru1032_firmwaresnapdragon_630_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwarewsa8845_firmwareqca6426_firmwareqca6574a_firmwarefastconnect_6200_firmwarewcn3980_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmwareaqt1000_firmwarewcn6740_firmwareqcm4490_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwareqcn6274_firmwareqcs4490_firmwarear8031_firmwarecsrb31024_firmwareqcm6490_firmwareipq8078_firmwarewsa8832_firmwareqcn9070_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwareipq6028_firmwareipq8072a_firmwareqca9889_firmwaresa8155p_firmwareqdx1011_firmwareqca6564a_firmwareipq8174_firmwareqcn9024_firmwarewcd9341_firmwarefastconnect_7800_firmwareqcm4290_firmwareqcn7605_firmwareqdx1010_firmwaresw5100p_firmwareqcs610_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresd835_firmwareipq6010_firmwaresnapdragon_720g_mobile_platform_firmwareqca6391_firmwaresnapdragon_710_mobile_platform_firmwareimmersive_home_214_platform_firmwarewcd9370_firmwaresm8550p_firmwaresd888_firmwareqcn9022_firmwareqcn5021_firmwarewcd9390_firmwareqcn9072_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareqfw7124_firmwareqdu1210_firmwarear8035_firmwaresnapdragon_xr1_platform_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-26521
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 71.41%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 07:35
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).

Action-Not Available
Vendor-n/aFedora ProjectThe Linux Foundation
Product-nats-serverfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-0928
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.83% / 74.38%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).

Action-Not Available
Vendor-oisfn/a
Product-libhtpn/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • ...
  • 13
  • 14
  • 15
  • 16
  • Next
Details not found