VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 15 of 80
  • CVE-2020-27279HigJan 6, 2021
    risk 0.49cvss 7.5epss 0.02

    A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).

  • CVE-2020-29652HigDec 17, 2020
    risk 0.49cvss 7.5epss 0.03

    A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

  • CVE-2020-7711HigAug 23, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

  • CVE-2019-14493HigAug 1, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.

  • CVE-2018-19801HigJun 7, 2019
    risk 0.49cvss 7.5epss 0.02

    aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.

  • CVE-2018-18066HigOct 8, 2018
    risk 0.49cvss 7.5epss 0.04

    snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

  • CVE-2018-17142HigSep 17, 2018
    risk 0.49cvss 7.5epss 0.03

    The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.

  • CVE-2018-17127HigSep 17, 2018
    risk 0.49cvss 7.5epss 0.01

    blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.

  • CVE-2018-17073HigSep 16, 2018
    risk 0.49cvss 7.5epss 0.01

    wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image.

  • CVE-2018-14737HigJul 30, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c.

  • CVE-2018-14588HigJul 24, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.

  • CVE-2018-3841HigJun 26, 2018
    risk 0.49cvss 7.5epss 0.02

    A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer…

  • CVE-2018-3840HigJun 26, 2018
    risk 0.49cvss 7.5epss 0.02

    A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a…

  • CVE-2018-12697HigJun 23, 2018
    risk 0.49cvss 7.5epss 0.05

    A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

  • CVE-2018-12648HigJun 22, 2018
    risk 0.49cvss 7.5epss 0.02

    The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.

  • CVE-2018-10945HigJun 19, 2018
    risk 0.49cvss 7.5epss 0.01

    The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.

  • CVE-2017-5416HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2018-11359HigMay 22, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.

  • CVE-2018-11356HigMay 22, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.

  • CVE-2017-14437HigMay 14, 2018
    risk 0.49cvss 7.5epss 0.02

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini"…