CWE-476
NULL Pointer Dereference
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,587)
page 21 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6317 | Hig | 0.49 | 7.5 | 0.04 | Sep 7, 2016 | Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks… | ||
| CVE-2011-1985 | Hig | 0.49 | 7.1 | 0.02 | Oct 12, 2011 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or… | ||
| CVE-2011-0709 | Hig | 0.49 | 7.5 | 0.04 | Feb 18, 2011 | The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table. | ||
| CVE-2009-3547 | Hig | 0.49 | 7.0 | 0.05 | Nov 4, 2009 | Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | ||
| CVE-2008-3597 | Hig | 0.49 | 7.5 | 0.03 | Aug 12, 2008 | Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game. | ||
| CVE-2004-0458 | Hig | 0.49 | 7.5 | 0.03 | Sep 28, 2004 | mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference. | ||
| CVE-2004-0365 | Hig | 0.49 | 7.5 | 0.06 | May 4, 2004 | The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference. | ||
| CVE-2003-1013 | Hig | 0.49 | 7.5 | 0.03 | Jan 5, 2004 | The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference. | ||
| CVE-2003-1000 | Hig | 0.49 | 7.5 | 0.03 | Jan 5, 2004 | xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. | ||
| CVE-2002-1912 | Hig | 0.49 | 7.5 | 0.03 | Dec 31, 2002 | SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets. | ||
| CVE-2002-0401 | Hig | 0.49 | 7.5 | 0.06 | Jun 18, 2002 | SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer. | ||
| CVE-1999-0052 | Hig | 0.49 | 7.5 | 0.02 | Nov 4, 1998 | IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. | ||
| CVE-2026-40414 | Hig | 0.48 | 7.4 | 0.01 | May 12, 2026 | Windows TCP/IP Denial of Service Vulnerability | ||
| CVE-2026-40413 | Hig | 0.48 | 7.4 | 0.00 | May 12, 2026 | Windows TCP/IP Denial of Service Vulnerability | ||
| CVE-2026-42800 | Hig | 0.48 | 7.4 | 0.00 | Apr 30, 2026 | NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c. | ||
| CVE-2024-39356 | Hig | 0.48 | 7.4 | 0.00 | Feb 12, 2025 | NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||
| CVE-2021-37639 | Hig | 0.48 | 8.4 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap… | ||
| CVE-2026-24716 | Hig | 0.47 | 7.2 | 0.00 | Jun 10, 2026 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the… | ||
| CVE-2025-66281 | Hig | 0.47 | 7.2 | 0.00 | Jun 10, 2026 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions:… | ||
| CVE-2025-62850 | Hig | 0.47 | 7.2 | 0.00 | Jun 10, 2026 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the… |
- risk 0.49cvss 7.5epss 0.04
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks…
- risk 0.49cvss 7.1epss 0.02
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or…
- risk 0.49cvss 7.5epss 0.04
The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.
- risk 0.49cvss 7.0epss 0.05
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
- risk 0.49cvss 7.5epss 0.03
Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.
- risk 0.49cvss 7.5epss 0.03
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.
- risk 0.49cvss 7.5epss 0.06
The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
- risk 0.49cvss 7.5epss 0.03
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
- risk 0.49cvss 7.5epss 0.03
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
- risk 0.49cvss 7.5epss 0.03
SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.
- risk 0.49cvss 7.5epss 0.06
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.
- risk 0.49cvss 7.5epss 0.02
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
- risk 0.48cvss 7.4epss 0.01
Windows TCP/IP Denial of Service Vulnerability
- risk 0.48cvss 7.4epss 0.00
Windows TCP/IP Denial of Service Vulnerability
- risk 0.48cvss 7.4epss 0.00
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c.
- risk 0.48cvss 7.4epss 0.00
NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
- risk 0.48cvss 8.4epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap…
- risk 0.47cvss 7.2epss 0.00
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the…
- risk 0.47cvss 7.2epss 0.00
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions:…
- risk 0.47cvss 7.2epss 0.00
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the…