CWE-476— NULL Pointer Dereference
4,740 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-476page 17 of 95
- CVE-2020-13435MEDIUMCVSS 5.5EG 5.52020-05-24
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
- CVE-2020-13574HIGHCVSS 7.5EG 7.52021-02-10
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2020-13575HIGHCVSS 7.5EG 7.52021-02-10
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2020-13577HIGHCVSS 7.5EG 7.52021-02-10
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2020-13578HIGHCVSS 7.5EG 7.52021-02-10
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2020-13582HIGHCVSS 7.5EG 7.52021-01-26
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2020-13583HIGHCVSS 7.5EG 7.52021-02-10
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
- CVE-2020-13632MEDIUMCVSS 5.5EG 5.52020-05-27
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
- CVE-2020-13649HIGHCVSS 7.5EG 7.52020-05-28
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
- CVE-2020-13659LOWCVSS 2.5EG 2.52020-06-02
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
- CVE-2020-13775MEDIUMCVSS 6.5EG 6.52020-06-02
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.
- CVE-2020-13848HIGHCVSS 7.5EG 7.52020-06-04
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURL…
- CVE-2020-13898HIGHCVSS 7.5EG 7.52020-06-10
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.
- CVE-2020-13900HIGHCVSS 7.5EG 7.52020-06-10
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.
- CVE-2020-13934HIGHCVSS 7.5EG 7.52020-07-14
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryE…
- CVE-2020-13950HIGHCVSS 7.5EG 7.52021-06-10
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
- CVE-2020-14149HIGHCVSS 7.5EG 7.52020-06-15
In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.
- CVE-2020-14323MEDIUMCVSS 5.5EG 5.52020-10-29
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
- CVE-2020-14356HIGHCVSS 7.8EG 7.82020-08-19
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
- CVE-2020-14396HIGHCVSS 7.5EG 7.52020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
- CVE-2020-14397HIGHCVSS 7.5EG 7.52020-06-17
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
- CVE-2020-14500CRITICALCVSS 10.0EG 10.02020-08-25
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data.
- CVE-2020-15190MEDIUMCVSS 5.3EG 5.32020-09-25
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input t…
- CVE-2020-15191MEDIUMCVSS 5.3EG 5.32020-09-25
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However,…
- CVE-2020-15204MEDIUMCVSS 5.3EG 5.32020-09-25
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked…
- CVE-2020-15209MEDIUMCVSS 5.9EG 5.92020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer ser…
- CVE-2020-15304MEDIUMCVSS 5.5EG 5.52020-06-26
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
- CVE-2020-15437MEDIUMCVSS 4.4EG 4.42020-11-23
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which…
- CVE-2020-15469LOWCVSS 2.3EG 2.32020-07-02
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
- CVE-2020-15689HIGHCVSS 7.5EG 7.52020-07-13
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
- CVE-2020-15807MEDIUMCVSS 6.5EG 6.52020-07-17
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
- CVE-2020-15964HIGHCVSS 8.8EG 8.82020-09-21
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16117MEDIUMCVSS 5.9EG 5.92020-07-29
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capabi…
- CVE-2020-16118HIGHCVSS 7.5EG 7.52020-07-29
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
- CVE-2020-16135MEDIUMCVSS 5.9EG 5.92020-07-29
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
- CVE-2020-16293MEDIUMCVSS 5.5EG 5.52020-08-13
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. …
- CVE-2020-16295MEDIUMCVSS 5.5EG 5.52020-08-13
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16306MEDIUMCVSS 5.5EG 5.52020-08-13
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
- CVE-2020-16307MEDIUMCVSS 5.5EG 5.52020-08-13
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
- CVE-2020-1656HIGHCVSS 8.8EG 8.82020-10-16
The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client …
- CVE-2020-16588MEDIUMCVSS 5.5EG 5.52020-12-09
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
- CVE-2020-16593MEDIUMCVSS 5.5EG 5.52020-12-09
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a…
- CVE-2020-16599MEDIUMCVSS 5.5EG 5.52020-12-09
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of ser…
- CVE-2020-1730MEDIUMCVSS 5.3EG 5.32020-04-13
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to…
- CVE-2020-17525HIGHCVSS 7.5EG 7.52021-03-17
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for u…
- CVE-2020-1814MEDIUMCVSS 5.3EG 5.32020-02-18
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An …
- CVE-2020-18378MEDIUMCVSS 6.5EG 6.52023-08-22
A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.
- CVE-2020-18395HIGHCVSS 7.5EG 7.52021-05-28
A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.
- CVE-2020-18730HIGHCVSS 7.5EG 7.52021-08-23
A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).
- CVE-2020-18731HIGHCVSS 7.5EG 7.52021-08-23
A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).
Map vulnerabilities like CWE-476 to your infrastructure
EchelonGraph correlates every CVE — across CWE-476 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →