Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-25795

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-24 Feb, 2026 | 00:54
Updated At-26 Feb, 2026 | 15:08
Rejected At-
Credits

ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:24 Feb, 2026 | 00:54
Updated At:26 Feb, 2026 | 15:08
Rejected At:
▼CVE Numbering Authority (CNA)
ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Affected Products
Vendor
ImageMagick Studio LLCImageMagick
Product
ImageMagick
Versions
Affected
  • >= 7.0.0, < 7.1.2-15
  • < 6.9.13-40
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
x_refsource_CONFIRM
Hyperlink: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:24 Feb, 2026 | 01:16
Updated At:24 Feb, 2026 | 18:46

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
ImageMagick Studio LLC
imagemagick
>>imagemagick>>Versions before 6.9.13-40(exclusive)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>imagemagick>>Versions from 7.0.0-0(inclusive) to 7.1.2-15(exclusive)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarysecurity-advisories@github.com
CWE ID: CWE-476
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmmsecurity-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

864Records found
CVE-2020-24659
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.40% / 87.19%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 14:03
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

Action-Not Available
Vendor-n/aGNUCanonical Ltd.Fedora ProjectopenSUSE
Product-ubuntu_linuxfedoragnutlsleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-27787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.77%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-27785
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.77%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.99%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:25
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).

Action-Not Available
Vendor-science-minern/a
Product-pdf2xmln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-23026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.99%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 19:09
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS).

Action-Not Available
Vendor-dhrystone_projectn/a
Product-dhrystonen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34651
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.88%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 17:47
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34736
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.49%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:52
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34735
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.49%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:52
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34761
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.69% / 71.36%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:10
Updated-16 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Action-Not Available
Vendor-
Product-opc_ua_module_for_m580opc_ua_module_for_m580_firmwarex80_advanced_rtu_module_firmwarex80_advanced_rtu_moduleOPC UA Modicon Communication ModuleX80 advanced RTU Communication Module
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-33290
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.16%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 05:02
Updated-09 Apr, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference in Bluetooth HOST

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9150_firmwaremdm9640_firmwaremsm8996au_firmwareqca6595qca6564aucsrb31024mdm9628_firmwarewcd9360_firmwaremdm9650csra6620qca6574msm8996aumdm9250qca6595au_firmwarecsra6620_firmwareqca6574amdm9206csra6640_firmwareqca6174aqca6584au_firmwareqca6564asd626qca9377sa415mwcn3998wcd9335_firmwarewcn3980qam8295pwcd9326_firmwaremdm9628sa515mmdm9206_firmwareqca6574_firmwarewcn3660bwsa8815qca6584_firmwareqam8295p_firmwaremdm9650_firmwareqca6175awcn3660b_firmwareqca6574a_firmwareqca6584qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595auwcn3998_firmwarewcn3980_firmwarewcd9360sdx20msa8295pqca6564au_firmwareqca6584auqca9367_firmwaresa515m_firmwarear8031_firmwarecsrb31024_firmwareqca9367sdx20mdm9607_firmwaresa415m_firmwareqcs405qca6574auqcn9074mdm9607qca6564a_firmwareapq8017_firmwaresd626_firmwaresdx20m_firmwarewcd9326wcd9335mdm9150wcn3680bqca6174a_firmwaremdm9250_firmwareapq8096auqca6696_firmwarear8031qca6595_firmwareqcs405_firmwareqca6696sdx55apq8096au_firmwarecsra6640sdx20_firmwarewsa8815_firmwareapq8017qcn9074_firmwaresa8295p_firmwareqca6175a_firmwaremdm9640Snapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-32663
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.5||HIGH
EPSS-1.21% / 78.70%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt7668_firmwaremt7921_firmwaremt5221mt7603_firmwaremt7902mt7615mt7915_firmwaremt7981_firmwaremt7622_firmwaremt7615_firmwaremt7622mt5221_firmwaremt8175_firmwaremt8532_firmwaremt7603mt7986mt8362amt7916mt8385_firmwaremt7629mt8362a_firmwaremt8532mt8167s_firmwaremt8365mt7613_firmwaremt7613mt7921mt7986_firmwaremt7668mt7628_firmwaremt7981mt8788mt8365_firmwaremt7915mt8385mt8518s_firmwaremt8788_firmwaremt7902_firmwaremt8167smt7916_firmwaremt8518smt7629_firmwaremt8175mt7628MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7668, MT7902, MT7915, MT7916, MT7921, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8788
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5762
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-1.37% / 79.99%
||
7 Day CHG~0.00%
Published-29 Jul, 2020 | 18:51
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.

Action-Not Available
Vendor-grandstreamn/a
Product-ht812_firmwareht813ht802ht813_firmwareht802_firmwareht801ht818ht814ht818_firmwareht801_firmwareht814_firmwareht812Grandstream HT800 Series
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-5183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 76.25%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 17:19
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.

Action-Not Available
Vendor-ftpgettern/a
Product-ftpgettern/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-33305
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG+0.01%
Published-02 May, 2023 | 05:08
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference in Modem

Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830sm7325-ae_firmware315_5g_iot_modem_firmwareqcs2290_firmwareqca8337wcn785x-5wcd9360_firmwarecsra6620sm7250-ac_firmwareqcs4290wcn3950_firmwareqcs2290qca6595au_firmwareqca6390_firmwaresnapdragon_x70_modem-rf_systemsm8350wcd9370csra6620_firmwarecsra6640_firmwaresm6115wcn685x-1qcs400_firmwaresm7350-ab_firmwaresm8450sm4375wcn3998sm8250-abwcd9385_firmwarewcn3950qcn6024_firmwaresm6375_firmwaresm7325-afsm7315_firmwaresm7325-aesnapdragon_x55_5g_modem-rf_systemsdx55_firmwaresm4250-aaqca6595auwcn3998_firmwareqca8081_firmwaresm6225-adsm7250p_firmwaresm7325-af_firmwarewcd9375_firmwarewcd9360sm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresm6225snapdragon_x70_modem-rf_system_firmwaresm6225-ad_firmwareqcs6490sm8250_firmwaresm7250-ab_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemsm7250-aawsa8810_firmwaresm4375_firmwaresm8450_firmwaresw5100wcd9335sg4150pqca8081wcn685x-1_firmwareqcs4290_firmwarewcd9341wcd9385qca6696_firmwareqcs6490_firmwareqca6390ar8035sm4350_firmwarewcd9375wcn3910_firmwaresm8250-ac_firmwarewsa8830_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqcm6490wcn3988wsa8815_firmwarewsa8835_firmwaresm4250-aa_firmwaresm7350-absm8475wcn6750_firmwaresg4150p_firmwarewcn785x-1qcm4325qcm2290_firmwaresm6375sm6115_firmwareqca8337_firmwarewcd9380_firmwaresw5100psnapdragon_w5\+_gen_1_wearable_platformsm8350-ac_firmwaresd888wsa8835snapdragon_7c\+_gen_3_computesnapdragon_auto_5g_modem-rfwcd9380qca6574awcn685x-5_firmwaresm7325psm7325wcn6750wcd9335_firmwarewcn3980qcm4325_firmwaresm7250-abwsa8815sm7325p_firmwarewcn3910sdx57m_firmwareqca6574a_firmwareqcn9024wcn785x-5_firmwaresm7315sm8250-ab_firmwareqca6391snapdragon_x55_5g_modem-rf_system_firmwarewcn3980_firmwaresm6350sm8475_firmwarewcn6740_firmwaresnapdragon_x65_5g_modem-rf_systemqcm4290qcm6490_firmwaresm8350_firmwarewcn685x-5sm6225_firmwaresm6350_firmwarewcn785x-1_firmwareqcn9024_firmwaresdx57mwcd9341_firmwareqcm4290_firmwaresm7250-aa_firmwarewsa8810sm7250-acsw5100p_firmwaresm8350-acwcn6740qca6696qca6391_firmwaresm4350wcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640qcn6024sm7250psw5100_firmwareqcs400ar8035_firmwareqcm2290sm7325_firmwareSnapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-6062
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-8.33% / 92.12%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 18:25
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-coturn_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-coturnfedoradebian_linuxubuntu_linuxCoTURN
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-2893
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-5.27% / 89.80%
||
7 Day CHG~0.00%
Published-07 Nov, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.

Action-Not Available
Vendor-cesantaCesanta
Product-mongooseMongoose
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-3341
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.36%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Aug, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-debian_linuxffmpegFFmpeg
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6535
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.49%
||
7 Day CHG+0.01%
Published-07 Feb, 2024 | 21:04
Updated-06 Nov, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in nvmet_tcp_execute_request

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxenterprise_linux_euscodeready_linux_builder_for_arm64_euscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_eusenterprise_linux_for_real_time_for_nfventerprise_linux_for_arm_64_eusvirtualization_hostenterprise_linux_server_auscodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_euslinux_kernelenterprise_linux_server_tusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_real_timeRed Hat Enterprise Linux 9RHOL-5.8-RHEL-9Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-33223
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference in Modem

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-33294
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 04:46
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer dereference in Modem

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206wcd9306snapdragon_wear_1300mdm8207snapdragon_wear_1200wcd9330mdm9207snapdragon_x5_lte_modem_firmwaremdm8207_firmwaresnapdragon_wear_1100mdm9205_firmwaremdm9205qca4004_firmwaremdm9206_firmwaremdm9207_firmwareqca4004qts110wcd9306_firmwaresnapdragon_wear_1100_firmwaresnapdragon_wear_1300_firmwarewcd9330_firmwaresnapdragon_wear_1200_firmwaresnapdragon_x5_lte_modemqts110_firmwareSnapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-3354
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.71%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 16:16
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.QEMUFedora Project
Product-openstack_platformqemufedoraenterprise_linuxRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8 Advanced VirtualizationExtra Packages for Enterprise LinuxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat OpenStack Platform 13 (Queens)FedoraqemuRed Hat Enterprise Linux 8
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-18664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.09%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 15:33
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. There is a NULL pointer exception in PersonManager, causing memory corruption. The Samsung ID is SVE-2017-8286 (June 2017).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-36646
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.11% / 29.65%
||
7 Day CHG~0.00%
Published-07 Jan, 2023 | 19:34
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MediaArea ZenLib Ztring.cpp Date_From_Seconds_1970_Local unknown vulnerability

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The identifier of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.

Action-Not Available
Vendor-mediaareaMediaArea
Product-zenlibZenLib
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-33299
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.16%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 05:02
Updated-09 Apr, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer dereference in Bluetooth HOST

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9150_firmwaremdm9640_firmwaremsm8996au_firmwareqca6595qca6564aucsrb31024mdm9628_firmwarewcd9360_firmwaremdm9650csra6620qca6574msm8996aumdm9250qca6595au_firmwarecsra6620_firmwareqca6574amdm9206csra6640_firmwareqca6174aqca6584au_firmwaresd626qca9377sa415mwcn3998wcd9335_firmwarewcn3980wcd9326_firmwaremdm9628sa515mmdm9206_firmwareqca6574_firmwarewcn3660bwsa8815qca6584_firmwaremdm9650_firmwareqca6175awcn3660b_firmwareqca6574a_firmwareqca6584qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595auwcn3998_firmwarewcn3980_firmwarewcd9360sdx20mqca6564au_firmwareqca6584auqca9367_firmwaresa515m_firmwarear8031_firmwarecsrb31024_firmwareqca9367sdx20mdm9607_firmwaresa415m_firmwareqcs405qca6574auqcn9074mdm9607qca6564a_firmwareapq8017_firmwaresd626_firmwaresdx20m_firmwarewcd9326wcd9335mdm9150wcn3680bqca6174a_firmwaremdm9250_firmwareapq8096auqca6696_firmwarear8031qca6595_firmwareqcs405_firmwareqca6696sdx55apq8096au_firmwarecsra6640sdx20_firmwarewsa8815_firmwareapq8017qcn9074_firmwareqca6564aqca6175a_firmwaremdm9640Snapdragon
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6603
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.66%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 14:20
Updated-21 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ffmpeg: null pointer dereference in ffmpeg hls parsing

A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.

Action-Not Available
Vendor-FFmpeg
Product-ffmpeg
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-36138
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.16%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-09 Oct, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6356
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.77%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 21:04
Updated-06 Nov, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in nvmet_tcp_build_iovec

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxenterprise_linux_euscodeready_linux_builder_for_arm64_euscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_eusenterprise_linux_for_real_time_for_nfventerprise_linux_for_arm_64_eusvirtualization_hostenterprise_linux_server_ausdebian_linuxcodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_tuslinux_kernelenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_real_timeRed Hat Enterprise Linux 9RHOL-5.8-RHEL-9Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-33304
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.18%
||
7 Day CHG+0.01%
Published-02 May, 2023 | 05:08
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointers dereference in Modem

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_1100_wearable_platformwsa8830wcd9380_firmwaressg2125psxr2230p_firmware9207_lte_modemwcd9330wcn785x-59205_lte_modemqca-4020-0-217msp_firmwarecsra6620qca-4024-1-68cmqfn_firmwareqca4024_firmwarewsa8835sxr1230p_firmwarewcd9380snapdragon_wear_1300_platformqca-4024-0-68cmqfncsra6620_firmwaressg2125p_firmwaressg2115pcsra6640_firmwarewcn685x-5_firmwaresxr1230pwcn685x-1qcs400_firmwarewcd9335_firmwarewcn3980wcd9385_firmwaresnapdragon_1200_wearable_platform_firmwarewsa8815qca-4020-1-217mspsxr2230pwcn3999_firmwarewcn785x-5_firmwarewcn3980_firmwarewcd9330_firmware9205_lte_modem_firmwarewcd9306mdm8207wcn3999snapdragon_x5_lte_modem_firmwarear8031_firmwarewsa8832_firmware9206_lte_modemwcn685x-5qca4004_firmware9206_lte_modem_firmwarewcn785x-1_firmwareqts110wcd9306_firmwareqca-4024-1-68cmqfnwsa8810_firmwarewsa8810wsa8832snapdragon_ar2_gen_1_platform_firmwarewcd9335qca-4024-0-68cmqfn_firmwaresnapdragon_ar2_gen_1_platformwcn685x-1_firmwaresnapdragon_wear_1300_platform_firmwarewcd93859207_lte_modem_firmwarear8031mdm8207_firmwareqca4024snapdragon_1100_wearable_platform_firmwareqca-4020-0-217mspqca4004wsa8830_firmwarecsra6640wsa8815_firmwarewsa8835_firmwaressg2115p_firmwaresnapdragon_1200_wearable_platformqca-4020-1-217msp_firmwareqcs400wcn785x-1snapdragon_x5_lte_modemqts110_firmwareSnapdragon9205_lte_modem_firmwarewcd9380_firmwaresxr2230p_firmwaresmart_audio_400_platform_firmwarear8031_firmwaresnapdragon_x5_lte_modem_firmwarewsa8832_firmwarefastconnect_6900_firmwareqca4004_firmware9206_lte_modem_firmwareqca4024_firmwarewcd9306_firmwaresxr1230p_firmwarewsa8810_firmwarefastconnect_7800_firmwarehome_hub_100_platform_firmwaresnapdragon_ar2_gen_1_platform_firmwarecsra6620_firmwaressg2125p_firmwarecsra6640_firmwaresnapdragon_wear_1300_platform_firmware9207_lte_modem_firmwarewcd9335_firmwaremdm8207_firmwarewcd9385_firmwaresnapdragon_1200_wearable_platform_firmwaresnapdragon_1100_wearable_platform_firmwarewsa8830_firmwarewsa8815_firmwarewsa8835_firmwaressg2115p_firmwarewcn3999_firmwarewcn3980_firmwarewcd9330_firmwareqts110_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-34088
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.20%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-01 May, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.

Action-Not Available
Vendor-frroutingn/afrrouting
Product-frroutingn/afrrouting
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 24.80%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-29 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode.

Action-Not Available
Vendor-emqxn/a
Product-nanomqn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-3116
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.61%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-24 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.

Action-Not Available
Vendor-heimdal_projectn/a
Product-heimdalHeimdal Software Kerberos
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-32298
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.63%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 19:12
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors.

Action-Not Available
Vendor-toybox_projectn/a
Product-toyboxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29984
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.95%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 00:00
Updated-08 Nov, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.

Action-Not Available
Vendor-toshibatecfujifilmn/afujifilmtoshibaBrother Industries, Ltd.
Product-mfc-j895dwdcp-t510w\(china\)dcp-l2520dwrdcp-j972nmfc-j5520dwdcp-1617nwdocuprint_p265_dw_firmwaremfc-j5820dndcp-1612we_firmwaremfc-j497dwdcp-j973n-b_firmwaremfc-j898nmfc-j830d\(w\)n_firmwaremfc-j5335dwmfc-l2740dwr_firmwaremfc-j2320mfc-1910wehl-1222wemfc-j895dw_firmwaremfc-j898n_firmwaredcp-l2540dnr_firmwaremfc-j907d\(w\)n_firmwarehl-1218w_firmwaredocuprint_p118_wmfc-l2705dwmfc-j893n_firmwarehl-l2340dwr_firmwaredocuprint_m268_z_firmwaremfc-1911nwhl-l2360dnrdcp-l2560dw_firmwaredcp-1623wr_firmwaremfc-l2740dw\(japan\)mfc-j5620cdwdcp-l8410cdw_firmwaredcp-j587nmfc-j5520dw_firmwaremfc-j4320dwhl-2560dndcp-j981n_firmwaredocuprint_m115_zdocuprint_m115_w_firmwaremfc-j4720n_firmwaremfc-j998dn_firmwaredcp-j963n-bhl-l8260cdndcp-j4220n-bdocuprint_m118_zmfc-j5720cdw\(japan\)_firmwaredcp-l2560dwrhl-l2315dwmfc-l2685dwdocuprint_m115_fw_firmwaredcp-j982n-bmfc-j997d\(w\)nmfc-j903n_firmwaredcp-1612wvb_firmwaremfc-1912wr_firmwaremfc-j893nmfc-l2720dw_firmwaremfc-j5620dwdcp-j587n_firmwaremfc-l9570cdw_firmwaredcp-l2540dw\(japan\)hl-1211w_firmwaredcp-j762ndcp-j572dwdcp-j577ndcp-j582n_firmwaredocuprint_p268_ddcp-j973n-wmfc-l2720dwr_firmwaredocuprint_m115_z_firmwaremfc-j998dwn_firmwaremfc-l2707dwdcp-l2520dw_firmwarehl-l2340dwdcp-j4220n-w_firmwaremfc-t810wmfc-j837d\(w\)n_firmwarehl-1222we_firmwaremfc-j2330dw_firmwaremfc-l9570cdwfax-l2700dn_firmwaredcp-j978n-b_firmwaredocuprint_p118_w_firmwaredocuprint_m225_dw_firmwaredcp-t710w_firmwaredcp-1612wr_firmwaremfc-l8610cdw\(japan\)mfc-j6995cdwmfc-j2320_firmwaredcp-1610wvbmfc-j5730dwdcp-t510whl-l2365dwmfc-j6983cdwdocuprint_p225_d_firmwaredcp-j982n-b_firmwaremfc-l2705dw_firmwaredcp-j978n-wmfc-1910wmfc-1916nwmfc-j6583cdwdcp-l2560dwr_firmwaremfc-l2720dn_firmwaremfc-j900d\(w\)n_firmwaremfc-j880n_firmwarehl-l8360cdwtmfc-1911whl-1223wrdcp-l2541dw_firmwaredocuprint_m268_dw_firmwaremfc-j6535dwmfc-l2701dwdocuprint_m225_z_firmwaredcp-j982n-w_firmwaredocuprint_m225_dwdcp-j4225n-bmfc-l2701dw_firmwaremfc-j2720mfc-j485dwhl-1210wvb_firmwarehl-l9310cdwmfc-1915w_firmwaremfc-l2680w_firmwaredcp-j968n-wmfc-j5920dwhl-1212w_firmwaremfc-j737d\(w\)n_firmwaremfc-l8610cdwdcp-j983nmfc-j5730dw_firmwaremfc-j985dwmfc-l8900cdwmfc-l2685dw_firmwaremfc-j738dwndcp-j772dwmfc-j680dwmfc-j738dn_firmwaredcp-1610wvb_firmwaremfc-j5320dw_firmwaredcp-j972n_firmwaredcp-1618wdcp-j772dw_firmwaredcp-t510w_firmwaredocuprint_p225_dhl-l8360cdwt_firmwaredcp-j4120dwmfc-t810w\(china\)_firmwaremfc-j5625dw_firmwaredcp-j978n-w_firmwaredcp-1610wemfc-l8900cdw_firmwaredcp-l2540dnhl-l8360cdw_firmwaremfc-j5630cdw_firmwaredcp-j973n-bdcp-l8410cdwdcp-1616nwhl-1223wr_firmwarehl-1212wvbhl-1210wvbdcp-j982n-wmfc-j900d\(w\)nmfc-j5930dwhl-l2366dw_firmwarehl-1210wr_firmwaredcp-j962n_firmwaredcp-j963n-w_firmwarehl-l2361dn_firmwaree-studio_302dnfmfc-l9577cdwdcp-1612wrmfc-j5720dw_firmwaremfc-l2720dwrmfc-j6583cdw_firmwaredcp-1610wr_firmwaredcp-1610we_firmwaremfc-l9570cdw\(japan\)mfc-j680dw_firmwaremfc-j491dw_firmwaremfc-j775dwdocuprint_p115_w_firmwarehl-l8360cdwmfc-j491dwmfc-1912wrmfc-j5820dn_firmwaredcp-j978n-bmfc-l2703dw_firmwaredcp-j968n-b_firmwaremfc-j3930dwmfc-j4725n_firmwaremfc-j3930dw_firmwaredcp-1610wrmfc-l2740dw_firmwarehl-1223we_firmwaremfc-j5830dwmfc-j3530dwmfc-j6580cdwmfc-j6930dw_firmwaredcp-j987n-b_firmwarehl-1210w_firmwaredcp-j987n-wdcp-l2540dwdocuprint_m118_z_firmwaremfc-t910dw_firmwaredcp-j968n-w_firmwaredcp-l2540dw\(japan\)_firmwaredcp-j963n-whl-l2340dw_firmwaremfc-j6930dwdcp-1610w_firmwaredcp-l2560dwhl-l2365dw_firmwaredcp-j562dwmfc-j998dnmfc-l2700dwdcp-j983n_firmwaredcp-j785dwdcp-j572ndcp-l2520dwdcp-1616nw_firmwarehl-l2360dndocuprint_p115_wmfc-l2700dw_firmwarehl-1218wdcp-j562dw_firmwaredocuprint_m268_dwmfc-j480dwmfc-j5620cdw_firmwaremfc-j4620dwdcp-j987n-bdcp-j4225n-w_firmwaremfc-j5625dwdcp-t710w\(china\)_firmwaredcp-j562n_firmwaremfc-j990d\(w\)ndcp-1623wrhl-1212we_firmwaremfc-1916nw_firmwaredcp-l2520dwr_firmwaremfc-j6730dw_firmwaredocuprint_m265_zdcp-1618w_firmwaredcp-t710wmfc-j885dwhl-l2315dw_firmwaremfc-l2740dw\(japan\)_firmwaredcp-l2541dwhl-l2365dwrhl-l9310cdw_firmwaremfc-j6530dwdcp-1615nwdcp-7180dn_firmwaredcp-j4225n-b_firmwaredcp-j963n-b_firmwaremfc-j880nhl-l2365dwr_firmwarefax-l2700dndcp-j4220n-wdocuprint_m115_fwmfc-j990d\(w\)n_firmwarehl-1210wrmfc-l2680wmfc-j460dwhl-l2360dw_firmwaredocuprint_m265_z_firmwaredcp-1610wdcp-j567n_firmwaremfc-j2730dw_firmwaremfc-j480dw_firmwaremfc-j5330dwhl-1210wehl-l2305wdcp-j767n_firmwaremfc-j2720_firmwaredcp-l2540dn_firmwarehl-2560dn_firmwaremfc-j3530dw_firmwaredcp-1615nw_firmwaremfc-j5830dw_firmwarehl-l8260cdn_firmwaremfc-j5335dw_firmwaremfc-j887ndocuprint_p265_dwdcp-j4220n-b_firmwaremfc-j5720dwdcp-1617nw_firmwarehl-l2340dwrdcp-1612wmfc-j6983cdw_firmwaredcp-j582nmfc-1911nw_firmwarehl-1210we-studio_301dndcp-j567nhl-l2305w_firmwaremfc-j830d\(w\)ndocuprint_m268_zdcp-1612wedcp-j968n-bhl-1210we_firmwaremfc-j6980cdw_firmwaremfc-j6535dw_firmwaremfc-j890dwdocuprint_m118_w_firmwaredcp-j774dwdcp-t510w\(china\)_firmwaremfc-1910w_firmwaremfc-j2730dwmfc-j5320dwmfc-1910we_firmwaremfc-j997d\(w\)n_firmwarehl-l2360dn_firmwaremfc-j998dwndcp-j572n_firmwaredocuprint_m225_zmfc-7880dn_firmwaremfc-j890dw_firmwaremfc-j5330dw_firmwaredcp-j973n-w_firmwaremfc-j6995cdw_firmwaremfc-j738dwn_firmwaredcp-j987n-w_firmwarehl-l2380dwhl-1212wvb_firmwaremfc-j4320dw_firmwaredcp-j785dw_firmwaremfc-l2703dwmfc-l8610cdw\(japan\)_firmwaredcp-1612wvbdcp-l2540dw_firmwaremfc-1915wmfc-l8690cdw_firmwaredcp-t710w\(china\)mfc-l9577cdw_firmwaremfc-j730d\(w\)nmfc-l2720dnmfc-j737d\(w\)ne-studio_302dnf_firmwarehl-1212wdcp-j762n_firmwaredcp-j4225n-wdocuprint_p268_d_firmwaremfc-j885dw_firmwaremfc-j903nmfc-1919nwmfc-t810w_firmwarehl-l8260cdwmfc-l2700dndocuprint_m118_wdcp-j767nmfc-j4620dw_firmwaremfc-l2700dn_firmwaremfc-j5620dw_firmwaree-studio_301dn_firmwaredcp-1612w_firmwarehl-1211wmfc-j4420dwmfc-j460dw_firmwaredcp-j962nmfc-1911w_firmwaremfc-l2707dw_firmwaremfc-l8690cdwdcp-l2540dnrdcp-j577n_firmwaremfc-j497dw_firmwaremfc-l9570cdw\(japan\)_firmwaremfc-j880dw_firmwarehl-l2360dnr_firmwaredcp-j572dw_firmwaremfc-j5720cdw\(japan\)mfc-j985dw_firmwaremfc-j6730dwmfc-j4720ndcp-j4120dw_firmwaremfc-j5630cdwmfc-j775dw_firmwarehl-1212wr_firmwaremfc-l2740dwrdcp-1622wedcp-j562nmfc-j4725nmfc-l2740dwmfc-t910dwmfc-j837d\(w\)nmfc-j730d\(w\)n_firmwaredocuprint_p268_dwmfc-j880dwmfc-j907d\(w\)nmfc-j6935dw_firmwaremfc-j485dw_firmwaremfc-l2700dnrmfc-j6530dw_firmwaremfc-j5920dw_firmwarehl-1212wemfc-l2700dnr_firmwarehl-l2361dnhl-l2366dwmfc-j4420dw_firmwaredcp-1622we_firmwaremfc-j6935dwdcp-j774dw_firmwaremfc-j4625dw_firmwarehl-l8260cdw_firmwaredocuprint_m115_wmfc-j6980cdwdcp-j981nmfc-t810w\(china\)mfc-j738dnmfc-l2700dwr_firmwaredocuprint_p268_dw_firmwaremfc-j5930dw_firmwaredcp-1623wemfc-j690dw_firmwaremfc-j4625dwmfc-l2720dwmfc-l2700dwrdcp-7180dndcp-1623we_firmwaremfc-j2330dwmfc-l8610cdw_firmwaremfc-j690dwmfc-7880dnhl-l2360dwhl-l2380dw_firmwarehl-1223wemfc-1919nw_firmwaremfc-j6580cdw_firmwaremfc-j887n_firmwarehl-1212wrn/adocuprint_p115_wmfc-j960dwn_firmwaree-studio_301dn_302dnf
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-35680
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.23% / 88.55%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 15:53
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

Action-Not Available
Vendor-opensmtpdn/aFedora Project
Product-opensmtpdfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-28345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.86%
||
7 Day CHG~0.00%
Published-08 Nov, 2020 | 04:04
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-2973
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.6||HIGH
EPSS-0.13% / 32.30%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 15:28
Updated-16 Apr, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MZ Automation libIEC61850 NULL Pointer Dereference

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.

Action-Not Available
Vendor-mz-automationMZ Automation
Product-libiec61850libIEC61850
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-52883
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 11:54
Updated-04 May, 2025 | 07:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
drm/amdgpu: Fix possible null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in amdgpu_vm_bo_update.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinuxlinux_kernel
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31164
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.89%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 13:54
Updated-20 Sep, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in libfluid_msg library

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13. This issue affects libfluid: 0.1.0.

Action-Not Available
Vendor-opennetworkingOpen Networking Foundation (ONF)open_networking_foundation
Product-libfluid_msglibfluidlibfluid
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-31175
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.89%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 13:56
Updated-20 Sep, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in libfluid_msg library

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TablePropertiesList::unpack. This issue affects libfluid: 0.1.0.

Action-Not Available
Vendor-opennetworkingOpen Networking Foundation (ONF)open_networking_foundation
Product-libfluid_msglibfluidlibfluid
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-52303
Matching Score-4
Assigner-Baidu, Inc.
ShareView Details
Matching Score-4
Assigner-Baidu, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 29.99%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 08:12
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault in paddle.put_along_axis

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

Action-Not Available
Vendor-paddlepaddlePaddlePaddle
Product-paddlepaddlePaddlePaddle
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-52302
Matching Score-4
Assigner-Baidu, Inc.
ShareView Details
Matching Score-4
Assigner-Baidu, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.14% / 34.40%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 08:12
Updated-14 Nov, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Segfault in paddle.nextafter

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

Action-Not Available
Vendor-paddlepaddlePaddlePaddle
Product-paddlepaddlePaddlePaddle
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14436
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-2.22% / 84.22%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 20:00
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini" without a cookie header to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.Talos (Cisco Systems, Inc.)
Product-edr-810_firmwareedr-810Moxa
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-51394
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.04%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 19:13
Updated-12 Feb, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential DoS for EFR32xxx parts in high traffic environments due to null buffer dereference / crash

High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.

Action-Not Available
Vendor-silabssilabs.comsilabs
Product-emberznetEmber ZNet SDKemberznet_sdk
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61960
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.15% / 36.04%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 13:55
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP APM portal access vulnerability

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-14437
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-2.22% / 84.22%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 20:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini" without a cookie header to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.Talos (Cisco Systems, Inc.)
Product-edr-810_firmwareedr-810Moxa
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-26916
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 00:00
Updated-18 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.

Action-Not Available
Vendor-cesnetn/aFedora Project
Product-libyangfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-29491
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 77.10%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:49
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IP LTM, Advanced WAF, ASM, and APM
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-29795
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.95%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 15:05
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-29340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.63%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 12:46
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-48416
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.5||HIGH
EPSS-1.08% / 77.58%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 15:45
Updated-02 Aug, 2024 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • ...
  • 12
  • 13
  • 14
  • ...
  • 17
  • 18
  • Next
Details not found