CWE-476
NULL Pointer Dereference
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,587)
page 17 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6951 | Hig | 0.49 | 7.5 | 0.09 | Feb 13, 2018 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. | ||
| CVE-2016-9570 | Hig | 0.49 | 7.5 | 0.01 | Feb 12, 2018 | cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe. | ||
| CVE-2018-6644 | Hig | 0.49 | 7.5 | 0.02 | Feb 8, 2018 | SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI. | ||
| CVE-2017-12464 | Hig | 0.49 | 7.5 | 0.02 | Feb 7, 2018 | ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable. | ||
| CVE-2017-12380 | Hig | 0.49 | 7.5 | 0.05 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in… | ||
| CVE-2017-12130 | Hig | 0.49 | 7.5 | 0.02 | Jan 20, 2018 | An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to… | ||
| CVE-2017-16728 | Hig | 0.49 | 7.5 | 0.02 | Jan 5, 2018 | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. | ||
| CVE-2017-17997 | Hig | 0.49 | 7.5 | 0.02 | Dec 30, 2017 | In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | ||
| CVE-2017-17439 | Hig | 0.49 | 7.5 | 0.03 | Dec 6, 2017 | In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault.… | ||
| CVE-2017-8820 | Hig | 0.49 | 7.5 | 0.02 | Dec 3, 2017 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed… | ||
| CVE-2017-1000200 | Hig | 0.49 | 7.5 | 0.01 | Nov 17, 2017 | tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service | ||
| CVE-2017-12719 | Hig | 0.49 | 7.5 | 0.03 | Nov 6, 2017 | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. | ||
| CVE-2017-15723 | Hig | 0.49 | 7.5 | 0.02 | Oct 22, 2017 | In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | ||
| CVE-2017-15721 | Hig | 0.49 | 7.5 | 0.02 | Oct 22, 2017 | In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. | ||
| CVE-2017-15600 | Hig | 0.49 | 7.5 | 0.02 | Oct 18, 2017 | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. | ||
| CVE-2014-3164 | Hig | 0.49 | 7.5 | 0.01 | Oct 18, 2017 | cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths. | ||
| CVE-2017-15286 | Hig | 0.49 | 7.5 | 0.03 | Oct 12, 2017 | SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. | ||
| CVE-2017-15267 | Hig | 0.49 | 7.5 | 0.03 | Oct 11, 2017 | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. | ||
| CVE-2015-2297 | Hig | 0.49 | 7.5 | 0.02 | Oct 6, 2017 | nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header. | ||
| CVE-2017-14977 | Hig | 0.49 | 7.5 | 0.02 | Oct 2, 2017 | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. |
- risk 0.49cvss 7.5epss 0.09
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
- risk 0.49cvss 7.5epss 0.01
cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.
- risk 0.49cvss 7.5epss 0.02
SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.
- risk 0.49cvss 7.5epss 0.02
ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable.
- risk 0.49cvss 7.5epss 0.05
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in…
- risk 0.49cvss 7.5epss 0.02
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to…
- risk 0.49cvss 7.5epss 0.02
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
- risk 0.49cvss 7.5epss 0.02
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
- risk 0.49cvss 7.5epss 0.03
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault.…
- risk 0.49cvss 7.5epss 0.02
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed…
- risk 0.49cvss 7.5epss 0.01
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service
- risk 0.49cvss 7.5epss 0.03
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
- risk 0.49cvss 7.5epss 0.02
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.
- risk 0.49cvss 7.5epss 0.02
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468.
- risk 0.49cvss 7.5epss 0.02
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
- risk 0.49cvss 7.5epss 0.01
cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths.
- risk 0.49cvss 7.5epss 0.03
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.
- risk 0.49cvss 7.5epss 0.03
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
- risk 0.49cvss 7.5epss 0.02
nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.
- risk 0.49cvss 7.5epss 0.02
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.