VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 30 of 80
  • CVE-2018-15504HigAug 18, 2018
    risk 0.42cvss 7.5epss 0.03

    An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater…

  • CVE-2018-14884HigAug 3, 2018
    risk 0.42cvss 7.5epss 0.03

    An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an…

  • CVE-2016-8626MedJul 31, 2018
    risk 0.42cvss 6.5epss 0.02

    A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.

  • CVE-2018-6972MedJul 25, 2018
    risk 0.42cvss 6.5epss 0.03

    VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer…

  • CVE-2018-14448MedJul 20, 2018
    risk 0.42cvss 6.5epss 0.01

    Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav.

  • CVE-2018-13440MedJul 8, 2018
    risk 0.42cvss 6.5epss 0.03

    The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

  • CVE-2018-13250MedJul 5, 2018
    risk 0.42cvss 6.5epss 0.01

    libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

  • CVE-2017-2668MedJun 22, 2018
    risk 0.42cvss 6.5epss 0.03

    389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in…

  • CVE-2018-11256MedMay 18, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

  • CVE-2018-11204MedMay 16, 2018
    risk 0.42cvss 6.5epss 0.02

    A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.

  • CVE-2018-11202MedMay 16, 2018
    risk 0.42cvss 6.5epss 0.02

    A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.

  • CVE-2018-10241MedMay 16, 2018
    risk 0.42cvss 6.5epss 0.02

    A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.

  • CVE-2017-12124MedMay 14, 2018
    risk 0.42cvss 6.5epss 0.02

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this…

  • CVE-2018-10775MedMay 7, 2018
    risk 0.42cvss 6.5epss 0.02

    NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml.

  • CVE-2018-10773MedMay 7, 2018
    risk 0.42cvss 6.5epss 0.01

    NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml.

  • CVE-2018-10768MedMay 6, 2018
    risk 0.42cvss 6.5epss 0.02

    There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

  • CVE-2018-10126MedApr 21, 2018
    risk 0.42cvss 6.5epss 0.02

    ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

  • CVE-2018-9165MedApr 1, 2018
    risk 0.42cvss 6.5epss 0.01

    The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may…

  • CVE-2018-9132MedMar 30, 2018
    risk 0.42cvss 6.5epss 0.02

    libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

  • CVE-2017-18253MedMar 27, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.