VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 71 of 80
  • CVE-2025-6375LowJun 21, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally.…

  • CVE-2025-3010LowMar 31, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null…

  • CVE-2025-2926LowMar 28, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been…

  • CVE-2025-25471MedFeb 18, 2025
    risk 0.21cvss 4.3epss 0.00

    FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

  • CVE-2024-37996LowJul 9, 2024
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter…

  • CVE-2024-26277LowApr 9, 2024
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter…

  • CVE-2023-46051LowMar 27, 2024
    risk 0.21cvss 3.3epss 0.00

    TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.

  • CVE-2024-21664MedJan 9, 2024
    risk 0.21cvss 4.3epss 0.01

    jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability…

  • CVE-2017-17294LowFeb 15, 2018
    risk 0.21cvss 3.3epss 0.00

    Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…

  • CVE-2017-15096LowOct 26, 2017
    risk 0.21cvss 3.3epss 0.00

    A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.

  • CVE-2026-0968LowMar 26, 2026
    risk 0.20cvss 3.1epss 0.00

    A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory…

  • CVE-2025-32787LowApr 16, 2025
    risk 0.20cvss 3.1epss 0.00

    SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for…

  • CVE-2022-31076MedJun 27, 2022
    risk 0.20cvss 4.2epss 0.01

    KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server…

  • CVE-2022-31077MedJun 27, 2022
    risk 0.19cvss 4.0epss 0.01

    KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer…

  • CVE-2025-1698LowJun 11, 2025
    risk 0.18cvss 2.8epss 0.00

    Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

  • CVE-2024-43167LowAug 12, 2024
    risk 0.18cvss 2.8epss 0.00

    DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red…

  • CVE-2024-29947LowApr 2, 2024
    risk 0.18cvss 2.7epss 0.00

    There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality.

  • CVE-2026-44638LowMay 14, 2026
    risk 0.16cvss 2.5epss 0.00

    libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the…

  • CVE-2025-8534LowAug 5, 2025
    risk 0.16cvss 2.5epss 0.00

    A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local…

  • CVE-2026-10298LowJun 1, 2026
    risk 0.14cvss 3.3epss 0.00

    A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been…