Vulnerabilities (CVE)

Filtered by CWE-476
Total 2970 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5055 1 Netgear 2 Wnr2000, Wnr2000 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.
CVE-2019-16232 4 Canonical, Fedoraproject, Linux and 1 more 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more 2024-02-28 4.7 MEDIUM 4.1 MEDIUM
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-12259 4 Belden, Siemens, Sonicwall and 1 more 49 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 46 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.
CVE-2019-12175 1 Zeek 1 Zeek 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.
CVE-2019-15923 1 Linux 1 Linux Kernel 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.
CVE-2019-15759 1 Webassembly 1 Binaryen 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.
CVE-2019-9656 3 Canonical, Debian, Libofx Project 3 Ubuntu Linux, Debian Linux, Libofx 2024-02-28 6.8 MEDIUM 8.8 HIGH
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.
CVE-2019-12108 1 Miniupnp Project 1 Miniupnpd 2024-02-28 5.0 MEDIUM 7.5 HIGH
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.
CVE-2019-1010171 1 Jsish 1 Jsish 2024-02-28 5.0 MEDIUM 7.5 HIGH
Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84.
CVE-2019-10022 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
CVE-2019-2236 1 Qualcomm 76 Ipq8074, Ipq8074 Firmware, Mdm9206 and 73 more 2024-02-28 2.1 LOW 5.5 MEDIUM
Null pointer dereference during secure application termination using specific application ids. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
CVE-2019-12881 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-02-28 4.6 MEDIUM 7.8 HIGH
i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.
CVE-2019-9589 1 Glyphandcog 1 Xpdfreader 2024-02-28 6.8 MEDIUM 7.8 HIGH
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2018-18513 1 Mozilla 1 Thunderbird 2024-02-28 5.0 MEDIUM 7.5 HIGH
A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird < 60.5.
CVE-2019-15291 1 Linux 1 Linux Kernel 2024-02-28 4.9 MEDIUM 4.6 MEDIUM
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.
CVE-2019-12818 1 Linux 1 Linux Kernel 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c.
CVE-2019-12101 1 Libnyoci Project 1 Libnyoci 2024-02-28 5.0 MEDIUM 7.5 HIGH
coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null)" and consequently allows remote attackers to cause a denial of service (segmentation fault).
CVE-2019-10901 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
CVE-2018-7191 1 Linux 1 Linux Kernel 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
CVE-2019-11638 1 Gnu 1 Recutils 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.