CWE-476
NULL Pointer Dereference
BaseStableLikelihood: Medium
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,024)
page 7 of 52| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-6298 | Hig | 0.51 | 7.8 | 0.00 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked." | |
| CVE-2016-4780 | Hig | 0.51 | 7.8 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |
| CVE-2016-4678 | Hig | 0.51 | 7.8 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleSMC" component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |
| CVE-2017-0323 | Hig | 0.51 | 7.8 | 0.00 | Feb 15, 2017 | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. | |
| CVE-2017-0315 | Hig | 0.51 | 7.8 | 0.00 | Feb 15, 2017 | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges. | |
| CVE-2016-7080 | Hig | 0.51 | 7.8 | 0.00 | Dec 29, 2016 | The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079. | |
| CVE-2016-7079 | Hig | 0.51 | 7.8 | 0.00 | Dec 29, 2016 | The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080. | |
| CVE-2016-8814 | Hig | 0.51 | 7.8 | 0.00 | Dec 16, 2016 | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges. | |
| CVE-2016-8813 | Hig | 0.51 | 7.8 | 0.00 | Dec 16, 2016 | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges. | |
| CVE-2016-9313 | Hig | 0.51 | 7.8 | 0.00 | Nov 28, 2016 | security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. | |
| CVE-2016-4777 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. | |
| CVE-2016-4724 | Hig | 0.51 | 7.8 | 0.00 | Sep 25, 2016 | IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |
| CVE-2016-4696 | Hig | 0.51 | 7.8 | 0.00 | Sep 25, 2016 | AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |
| CVE-2016-3070 | Hig | 0.51 | 7.8 | 0.00 | Aug 6, 2016 | The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. | |
| CVE-2016-4627 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2016 | IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |
| CVE-2016-4626 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2016 | IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |
| CVE-2014-7826 | Hig | 0.51 | 7.8 | 0.00 | Nov 10, 2014 | kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. | |
| CVE-2011-2525 | Hig | 0.51 | 7.8 | 0.00 | Feb 2, 2012 | The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. | |
| CVE-2011-1771 | Hig | 0.51 | 7.8 | 0.00 | Sep 6, 2011 | The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem. | |
| CVE-2011-1887 | Hig | 0.51 | 7.8 | 0.01 | Jul 13, 2011 | win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability." |