CWE-476
NULL Pointer Dereference
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,587)
page 15 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-27279 | Hig | 0.49 | 7.5 | 0.02 | Jan 6, 2021 | A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001). | ||
| CVE-2020-29652 | — | Hig | 0.49 | 7.5 | 0.03 | Dec 17, 2020 | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | |
| CVE-2020-7711 | — | Hig | 0.49 | 7.5 | 0.02 | Aug 23, 2020 | This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | |
| CVE-2019-14493 | — | Hig | 0.49 | 7.5 | 0.03 | Aug 1, 2019 | An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. | |
| CVE-2018-19801 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2019 | aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. | |
| CVE-2018-18066 | Hig | 0.49 | 7.5 | 0.04 | Oct 8, 2018 | snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | ||
| CVE-2018-17142 | — | Hig | 0.49 | 7.5 | 0.03 | Sep 17, 2018 | The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. | |
| CVE-2018-17127 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2018 | blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. | ||
| CVE-2018-17073 | Hig | 0.49 | 7.5 | 0.01 | Sep 16, 2018 | wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image. | ||
| CVE-2018-14737 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2018 | An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c. | ||
| CVE-2018-14588 | Hig | 0.49 | 7.5 | 0.01 | Jul 24, 2018 | An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | ||
| CVE-2018-3841 | Hig | 0.49 | 7.5 | 0.02 | Jun 26, 2018 | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer… | ||
| CVE-2018-3840 | Hig | 0.49 | 7.5 | 0.02 | Jun 26, 2018 | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a… | ||
| CVE-2018-12697 | Hig | 0.49 | 7.5 | 0.05 | Jun 23, 2018 | A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. | ||
| CVE-2018-12648 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 22, 2018 | The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. | |
| CVE-2018-10945 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2018 | The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. | ||
| CVE-2017-5416 | Hig | 0.49 | 7.5 | 0.02 | Jun 11, 2018 | In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52. | ||
| CVE-2018-11359 | Hig | 0.49 | 7.5 | 0.03 | May 22, 2018 | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. | ||
| CVE-2018-11356 | Hig | 0.49 | 7.5 | 0.03 | May 22, 2018 | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. | ||
| CVE-2017-14437 | Hig | 0.49 | 7.5 | 0.02 | May 14, 2018 | An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini"… |
- risk 0.49cvss 7.5epss 0.02
A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
- risk 0.49cvss 7.5epss 0.03
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
- risk 0.49cvss 7.5epss 0.02
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
- risk 0.49cvss 7.5epss 0.03
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
- risk 0.49cvss 7.5epss 0.02
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.
- risk 0.49cvss 7.5epss 0.04
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
- risk 0.49cvss 7.5epss 0.03
The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
- risk 0.49cvss 7.5epss 0.01
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.
- risk 0.49cvss 7.5epss 0.01
wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c.
- risk 0.49cvss 7.5epss 0.01
An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
- risk 0.49cvss 7.5epss 0.02
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer…
- risk 0.49cvss 7.5epss 0.02
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a…
- risk 0.49cvss 7.5epss 0.05
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
- risk 0.49cvss 7.5epss 0.02
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
- risk 0.49cvss 7.5epss 0.01
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.
- risk 0.49cvss 7.5epss 0.02
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.
- risk 0.49cvss 7.5epss 0.03
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
- risk 0.49cvss 7.5epss 0.03
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
- risk 0.49cvss 7.5epss 0.02
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini"…