Vulnerabilities (CVE)

Filtered by CWE-476
Total 1643 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19647 2 Fedoraproject, Radare 2 Fedora, Radare2 2022-01-01 6.8 MEDIUM 7.8 HIGH
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2020-6062 4 Canonical, Coturn Project, Debian and 1 more 4 Ubuntu Linux, Coturn, Debian Linux and 1 more 2022-01-01 5.0 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.
CVE-2020-9545 1 Palemoon 1 Pale Moon 2022-01-01 5.0 MEDIUM 7.5 HIGH
Pale Moon 28.x before 28.8.4 has a segmentation fault related to module scripting, as demonstrated by a Lacoste web site.
CVE-2020-7062 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2022-01-01 4.3 MEDIUM 7.5 HIGH
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
CVE-2020-26521 2 Fedoraproject, Linuxfoundation 2 Fedora, Nats-server 2022-01-01 5.0 MEDIUM 7.5 HIGH
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
CVE-2020-17525 2 Apache, Debian 2 Subversion, Debian Linux 2022-01-01 4.3 MEDIUM 7.5 HIGH
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7
CVE-2018-14553 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-12-30 4.3 MEDIUM 7.5 HIGH
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
CVE-2020-8011 1 Broadcom 1 Unified Infrastructure Management 2021-12-30 5.0 MEDIUM 7.5 HIGH
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service.
CVE-2021-45292 1 Gpac 1 Gpac 2021-12-30 4.3 MEDIUM 5.5 MEDIUM
The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.
CVE-2020-9429 2 Opensuse, Wireshark 2 Leap, Wireshark 2021-12-30 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
CVE-2019-8379 1 Advancemame 1 Advancecomp 2021-12-30 6.8 MEDIUM 7.8 HIGH
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVE-2019-18804 5 Canonical, Debian, Djvulibre Project and 2 more 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more 2021-12-28 5.0 MEDIUM 7.5 HIGH
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
CVE-2021-45259 1 Gpac 1 Gpac 2021-12-28 4.3 MEDIUM 5.5 MEDIUM
An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash.
CVE-2021-45267 1 Gpac 1 Gpac 2021-12-27 4.3 MEDIUM 5.5 MEDIUM
An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.
CVE-2021-45260 1 Gpac 1 Gpac 2021-12-27 4.3 MEDIUM 5.5 MEDIUM
A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.
CVE-2021-41497 1 Rare-technologies 1 Bounter 2021-12-27 5.0 MEDIUM 7.5 HIGH
Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket.
CVE-2021-44918 1 Gpac 1 Gpac 2021-12-27 4.3 MEDIUM 5.5 MEDIUM
A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.
CVE-2021-44927 1 Gpac 1 Gpac 2021-12-27 4.3 MEDIUM 5.5 MEDIUM
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.
CVE-2021-44925 1 Gpac 1 Gpac 2021-12-27 4.3 MEDIUM 5.5 MEDIUM
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.
CVE-2021-44923 1 Gpac 1 Gpac 2021-12-27 4.3 MEDIUM 5.5 MEDIUM
A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.