Vulnerabilities (CVE)

Filtered by CWE-476
Total 1580 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27836 2 Fedoraproject, Libxls Project 2 Fedora, Libxls 2021-11-26 4.3 MEDIUM 6.5 MEDIUM
An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.
CVE-2021-43016 3 Adobe, Apple, Microsoft 3 Incopy, Macos, Windows 2021-11-25 4.3 MEDIUM 5.5 MEDIUM
Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-42373 1 Busybox 1 Busybox 2021-11-25 2.1 LOW 5.5 MEDIUM
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
CVE-2021-42376 1 Busybox 1 Busybox 2021-11-25 1.9 LOW 5.5 MEDIUM
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
CVE-2021-34798 2 Apache, Fedoraproject 2 Http Server, Fedora 2021-11-24 5.0 MEDIUM 7.5 HIGH
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-40774 2 Adobe, Microsoft 2 Prelude, Windows 2021-11-24 4.3 MEDIUM 5.5 MEDIUM
Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-40773 2 Adobe, Microsoft 2 Prelude, Windows 2021-11-24 4.3 MEDIUM 5.5 MEDIUM
Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-39921 1 Wireshark 1 Wireshark 2021-11-24 5.0 MEDIUM 7.5 HIGH
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39923 1 Wireshark 1 Wireshark 2021-11-24 5.0 MEDIUM 7.5 HIGH
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
CVE-2021-39928 1 Wireshark 1 Wireshark 2021-11-23 5.0 MEDIUM 7.5 HIGH
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39920 1 Wireshark 1 Wireshark 2021-11-23 5.0 MEDIUM 7.5 HIGH
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
CVE-2021-43668 1 Ethereum 1 Go Ethereum 2021-11-23 2.1 LOW 5.5 MEDIUM
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal.
CVE-2021-43667 1 Linuxfoundation 1 Fabric 2021-11-23 5.0 MEDIUM 7.5 HIGH
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.
CVE-2021-40761 2 Adobe, Microsoft 2 After Effects, Windows 2021-11-19 4.3 MEDIUM 5.5 MEDIUM
Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-40756 2 Adobe, Microsoft 2 After Effects, Windows 2021-11-19 4.3 MEDIUM 5.5 MEDIUM
Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-42268 1 Adobe 1 Animate 2021-11-18 4.3 MEDIUM 5.5 MEDIUM
Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-15190 2 Google, Opensuse 2 Tensorflow, Leap 2021-11-18 5.0 MEDIUM 5.3 MEDIUM
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE-2021-41524 2 Apache, Fedoraproject 2 Http Server, Fedora 2021-11-17 5.0 MEDIUM 7.5 HIGH
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
CVE-2021-36222 2 Debian, Mit 2 Debian Linux, Kerberos 5 2021-11-17 5.0 MEDIUM 7.5 HIGH
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
CVE-2020-20450 1 Ffmpeg 1 Ffmpeg 2021-11-17 5.0 MEDIUM 7.5 HIGH
FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.