CWE-476: NULL Pointer Dereference
4,740 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-476 (page 59 of 95)
- CVE-2024-27071 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-05-01
In the Linux kernel, the following vulnerability has been resolved: backlight: hx8357: Fix potential NULL pointer dereference The "im" pins are optional. Add missing check in the hx8357_probe().
- CVE-2024-27079 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-05-01
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the …
- CVE-2024-27229 | HIGH | CVSS 7.5 | EG 7.5 | 2024-03-11
In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is…
- CVE-2024-27232 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-04-05
In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati…
- CVE-2024-27399 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-05-14
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to d…
- CVE-2024-27405 | HIGH | CVSS 7.5 | EG 7.5 | 2024-05-17
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, t…
- CVE-2024-27406 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-05-17
In the Linux kernel, the following vulnerability has been resolved: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Trying to run the iov_iter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash. KT…
- CVE-2024-27532 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-08
wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types`.
- CVE-2024-27660 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-02-29
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereference in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-27978 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-19
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
- CVE-2024-28068 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-07-09
A vulnerability was discovered in SS in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, E…
- CVE-2024-28286 | HIGH | CVSS 7.5 | EG 7.5 | 2024-03-21
In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to…
- CVE-2024-28458 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-11
Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the application via the function compileSWFActionCode in action/actioncompiler.c.
- CVE-2024-28577 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-03-20
Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.
- CVE-2024-28584 | LOW | CVSS 3.3 | EG 3.3 | 2024-03-20
Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.
- CVE-2024-29489 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-03-28
Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type.
- CVE-2024-29751 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-04-05
In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a possible OOB Read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for explo…
- CVE-2024-29947 | LOW | CVSS 2.7 | EG 2.7 | 2024-04-02
There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality.
- CVE-2024-30030 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-14
Win32k Elevation of Privilege Vulnerability
- CVE-2024-30285 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-06-13
Audition versions 24.2, 23.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to crash the application, lea…
- CVE-2024-30295 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-16
Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in …
- CVE-2024-30403 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-12
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a lo…
- CVE-2024-31030 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-05-31
An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet.
- CVE-2024-31041 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-17
Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service.
- CVE-2024-31078 | LOW | CVSS 3.3 | EG 3.3 | 2024-05-07
OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a service crash through a NULL pointer dereference.
- CVE-2024-31164 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-18
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13. This issue affect…
- CVE-2024-31165 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-18
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::SetFieldAction::unpack. This issu…
- CVE-2024-31167 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-18
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack13. This issue…
- CVE-2024-31175 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-18
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TablePropertiesList::unpack. This…
- CVE-2024-31182 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-18
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack10. This issue…
- CVE-2024-31185 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-18
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MeterBandList::unpack. This issue…
- CVE-2024-31196 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-18
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::ActionList::unpack10. This issue affect…
- CVE-2024-31420 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-03
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-…
- CVE-2024-31755 | HIGH | CVSS 7.6 | EG 7.6 | 2024-04-26
cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.
- CVE-2024-3184 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-10-17
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can e…
- CVE-2024-3186 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-10-17
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify…
- CVE-2024-32637 | LOW | CVSS 3.3 | EG 3.3 | 2024-05-14
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions …
- CVE-2024-32661 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-23
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are avai…
- CVE-2024-32666 | MEDIUM | CVSS 4.7 | EG 4.7 | 2024-09-16
NULL pointer dereference in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-32941 | HIGH | CVSS 7.9 | EG 7.9 | 2025-02-12
NULL pointer dereference for some Intel(R) MLC software before version v3.11b may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-3332 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-03
A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device.
- CVE-2024-33345 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-29
D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-33600 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-05-06
nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introd…
- CVE-2024-3385 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-10
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention …
- CVE-2024-34030 | MEDIUM | CVSS 4.7 | EG 4.7 | 2024-06-24
In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a NULL pointer dereference in this…
- CVE-2024-34044 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-04-30
The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL.
- CVE-2024-34088 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-30
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading t…
- CVE-2024-34136 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-08-14
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, result…
- CVE-2024-34137 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-08-14
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the applicati…
- CVE-2024-34138 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-08-14
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, result…