Vulnerabilities (CVE)

Filtered by CWE-476
Total 1939 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1725 1 Vim 1 Vim 2022-09-30 N/A 5.5 MEDIUM
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2021-20196 2 Debian, Qemu 2 Debian Linux, Qemu 2022-09-30 2.1 LOW 6.5 MEDIUM
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-46019 2 Fedoraproject, Gnu 2 Fedora, Recutils 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVE-2022-24577 1 Gpac 1 Gpac 2022-09-30 6.8 MEDIUM 7.8 HIGH
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.)
CVE-2022-24736 2 Fedoraproject, Redis 2 Fedora, Redis 2022-09-29 2.1 LOW 5.5 MEDIUM
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.
CVE-2022-37797 1 Lighttpd 1 Lighttpd 2022-09-29 N/A 7.5 HIGH
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.
CVE-2014-2497 6 Canonical, Debian, Oracle and 3 more 12 Ubuntu Linux, Debian Linux, Solaris and 9 more 2022-09-28 4.3 MEDIUM N/A
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
CVE-2021-38604 3 Fedoraproject, Gnu, Oracle 8 Fedora, Glibc, Communications Cloud Native Core Binding Support Function and 5 more 2022-09-28 5.0 MEDIUM 7.5 HIGH
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
CVE-2021-4145 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2022-09-28 4.9 MEDIUM 6.5 MEDIUM
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.
CVE-2021-44224 6 Apache, Apple, Debian and 3 more 11 Http Server, Macos, Debian Linux and 8 more 2022-09-28 6.4 MEDIUM 8.2 HIGH
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
CVE-2022-32785 1 Apple 3 Ipad Os, Iphone Os, Macos 2022-09-28 N/A 5.5 MEDIUM
A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.
CVE-2022-2973 1 Mz-automation 1 Libiec61850 2022-09-26 N/A 7.5 HIGH
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.
CVE-2022-3278 1 Vim 1 Vim 2022-09-26 N/A 5.5 MEDIUM
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
CVE-2022-2309 2 Lxml, Xmlsoft 2 Lxml, Libxml2 2022-09-24 5.0 MEDIUM 7.5 HIGH
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.
CVE-2020-15469 2 Debian, Qemu 2 Debian Linux, Qemu 2022-09-23 2.1 LOW 2.3 LOW
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2020-35505 2 Debian, Qemu 2 Debian Linux, Qemu 2022-09-22 2.1 LOW 4.4 MEDIUM
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35504 3 Debian, Fedoraproject, Qemu 3 Debian Linux, Fedora, Qemu 2022-09-22 2.1 LOW 6.0 MEDIUM
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2022-38928 1 Xpdfreader 1 Xpdf 2022-09-22 N/A 7.8 HIGH
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
CVE-2019-8413 1 Mi 2 Mi Mix 2, Mi Mix 2 Firmware 2022-09-22 4.9 MEDIUM 5.5 MEDIUM
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).
CVE-2018-19939 1 Mi 4 Mi A2 Lite, Mi A2 Lite Firmware, Redmi 6 and 1 more 2022-09-22 5.0 MEDIUM 7.5 HIGH
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.