CWE-476
NULL Pointer Dereference
Description
The product dereferences a pointer that it expects to be valid but is NULL.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,587)
page 77 of 80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1094 | Med | 0.00 | 5.5 | 0.02 | Apr 2, 2018 | The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4… | ||
| CVE-2018-1092 | Med | 0.00 | 5.5 | 0.02 | Apr 2, 2018 | The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4… | ||
| CVE-2017-18241 | Med | 0.00 | 5.5 | 0.00 | Mar 21, 2018 | fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. | ||
| CVE-2018-7262 | Hig | 0.00 | 7.5 | 0.03 | Mar 19, 2018 | In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. | ||
| CVE-2017-18237 | Med | 0.00 | 5.5 | 0.01 | Mar 15, 2018 | An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file. | ||
| CVE-2018-8043 | Med | 0.00 | 5.5 | 0.00 | Mar 10, 2018 | The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). | ||
| CVE-2018-7999 | Hig | 0.00 | 8.8 | 0.02 | Mar 9, 2018 | In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. | ||
| CVE-2018-7998 | Hig | 0.00 | 7.5 | 0.02 | Mar 9, 2018 | In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs… | ||
| CVE-2018-5729 | Med | 0.00 | 4.7 | 0.03 | Mar 6, 2018 | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. | ||
| CVE-2018-7731 | Med | 0.00 | 5.5 | 0.01 | Mar 6, 2018 | An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. | ||
| CVE-2017-18216 | Med | 0.00 | 5.5 | 0.01 | Mar 5, 2018 | In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. | ||
| CVE-2018-1066 | Med | 0.00 | 6.5 | 0.04 | Mar 2, 2018 | The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP… | ||
| CVE-2018-1065 | Med | 0.00 | 4.7 | 0.00 | Mar 2, 2018 | The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN… | ||
| CVE-2018-6534 | Med | 0.00 | 6.5 | 0.01 | Feb 27, 2018 | An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash. | ||
| CVE-2018-7492 | Med | 0.00 | 5.5 | 0.01 | Feb 26, 2018 | A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. | ||
| CVE-2017-16914 | Med | 0.00 | 5.9 | 0.04 | Jan 31, 2018 | The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. | ||
| CVE-2017-18079 | Hig | 0.00 | 7.8 | 0.00 | Jan 29, 2018 | drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. | ||
| CVE-2018-6197 | Hig | 0.00 | 7.5 | 0.04 | Jan 25, 2018 | w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | ||
| CVE-2015-4444 | 0.00 | — | 0.03 | Jul 15, 2015 | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer… | |||
| CVE-2015-4443 | 0.00 | — | 0.03 | Jul 15, 2015 | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer… |
- risk 0.00cvss 5.5epss 0.02
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4…
- risk 0.00cvss 5.5epss 0.02
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4…
- risk 0.00cvss 5.5epss 0.00
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
- risk 0.00cvss 7.5epss 0.03
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
- risk 0.00cvss 5.5epss 0.01
An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.
- risk 0.00cvss 5.5epss 0.00
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
- risk 0.00cvss 8.8epss 0.02
In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.
- risk 0.00cvss 7.5epss 0.02
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs…
- risk 0.00cvss 4.7epss 0.03
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
- risk 0.00cvss 5.5epss 0.01
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.
- risk 0.00cvss 5.5epss 0.01
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
- risk 0.00cvss 6.5epss 0.04
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP…
- risk 0.00cvss 4.7epss 0.00
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN…
- risk 0.00cvss 6.5epss 0.01
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.
- risk 0.00cvss 5.5epss 0.01
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
- risk 0.00cvss 5.9epss 0.04
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
- risk 0.00cvss 7.8epss 0.00
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
- risk 0.00cvss 7.5epss 0.04
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
- CVE-2015-4444Jul 15, 2015risk 0.00cvss —epss 0.03
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer…
- CVE-2015-4443Jul 15, 2015risk 0.00cvss —epss 0.03
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer…