CWE-476
NULL Pointer Dereference
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,024)
Page 16 of 52

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2003-1000 | High | 0.49 | 7.5 | 0.01 | | Jan 5, 2004 | xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. |
| CVE-2002-1912 | High | 0.49 | 7.5 | 0.02 | | Dec 31, 2002 | SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets. |
| CVE-2002-0401 | High | 0.49 | 7.5 | 0.08 | | Jun 18, 2002 | SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer. |
| CVE-1999-0052 | High | 0.49 | 7.5 | 0.01 | | Nov 4, 1998 | IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. |
| CVE-2026-40414 | High | 0.48 | 7.4 | 0.00 | | May 12, 2026 | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. |
| CVE-2026-40413 | High | 0.48 | 7.4 | 0.00 | | May 12, 2026 | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. |
| CVE-2026-42800 | High | 0.48 | 7.4 | 0.00 | | Apr 30, 2026 | NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c. |
| CVE-2024-39356 | High | 0.48 | 7.4 | 0.00 | | Feb 12, 2025 | NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2026-40401 | High | 0.46 | 7.1 | 0.00 | | May 12, 2026 | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. |
| CVE-2026-26173 | High | 0.46 | 7.0 | 0.00 | | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2017-12952 | Medium | 0.46 | 6.5 | 0.05 | | Aug 28, 2017 | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. |
| CVE-2017-12950 | Medium | 0.46 | 6.5 | 0.04 | | Aug 28, 2017 | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. |
| CVE-2017-9124 | Medium | 0.46 | 6.5 | 0.08 | | Jun 12, 2017 | The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. |
| CVE-2017-4916 | Medium | 0.46 | 6.5 | 0.10 | | May 22, 2017 | VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine. |
| CVE-2009-2516 | High | 0.46 | 7.1 | 0.02 | | Oct 14, 2009 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability." |
| CVE-2024-41884 | Medium | 0.45 | — | 0.01 | | Dec 24, 2024 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. |
| CVE-2024-41883 | Medium | 0.45 | — | 0.01 | | Dec 24, 2024 | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. |
| CVE-2025-20080 | Medium | 0.44 | 6.8 | 0.00 | | Feb 10, 2026 | Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kernel may allow a denial of service. Network adversary with an unauthenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
| CVE-2026-24805 | Medium | 0.44 | — | 0.00 | | Jan 27, 2026 | NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C. This issue affects liteide: before x38.4. |
| CVE-2025-9337 | Medium | 0.44 | — | 0.00 | | Oct 13, 2025 | A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. |