VYPR

CWE-476

NULL Pointer Dereference

BaseStableLikelihood: Medium

Description

The product dereferences a pointer that it expects to be valid but is NULL.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (1,587)

page 77 of 80
  • CVE-2018-1094MedApr 2, 2018
    risk 0.00cvss 5.5epss 0.02

    The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4…

  • CVE-2018-1092MedApr 2, 2018
    risk 0.00cvss 5.5epss 0.02

    The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4…

  • CVE-2017-18241MedMar 21, 2018
    risk 0.00cvss 5.5epss 0.00

    fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.

  • CVE-2018-7262HigMar 19, 2018
    risk 0.00cvss 7.5epss 0.03

    In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

  • CVE-2017-18237MedMar 15, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.

  • CVE-2018-8043MedMar 10, 2018
    risk 0.00cvss 5.5epss 0.00

    The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

  • CVE-2018-7999HigMar 9, 2018
    risk 0.00cvss 8.8epss 0.02

    In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.

  • CVE-2018-7998HigMar 9, 2018
    risk 0.00cvss 7.5epss 0.02

    In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs…

  • CVE-2018-5729MedMar 6, 2018
    risk 0.00cvss 4.7epss 0.03

    MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

  • CVE-2018-7731MedMar 6, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.

  • CVE-2017-18216MedMar 5, 2018
    risk 0.00cvss 5.5epss 0.01

    In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.

  • CVE-2018-1066MedMar 2, 2018
    risk 0.00cvss 6.5epss 0.04

    The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP…

  • CVE-2018-1065MedMar 2, 2018
    risk 0.00cvss 4.7epss 0.00

    The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN…

  • CVE-2018-6534MedFeb 27, 2018
    risk 0.00cvss 6.5epss 0.01

    An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.

  • CVE-2018-7492MedFeb 26, 2018
    risk 0.00cvss 5.5epss 0.01

    A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.

  • CVE-2017-16914MedJan 31, 2018
    risk 0.00cvss 5.9epss 0.04

    The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.

  • CVE-2017-18079HigJan 29, 2018
    risk 0.00cvss 7.8epss 0.00

    drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.

  • CVE-2018-6197HigJan 25, 2018
    risk 0.00cvss 7.5epss 0.04

    w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

  • CVE-2015-4444Jul 15, 2015
    risk 0.00cvss epss 0.03

    Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer…

  • CVE-2015-4443Jul 15, 2015
    risk 0.00cvss epss 0.03

    Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer…