Vulnerabilities (CVE)

Filtered by CWE-476
Total 3793 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-2496 2 Debian, Redhat 3 Debian Linux, Enterprise Linux, Libvirt 2025-04-09 N/A 5.0 MEDIUM
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.
CVE-2022-33299 1 Qualcomm 88 Apq8017, Apq8017 Firmware, Apq8096au and 85 more 2025-04-09 N/A 7.5 HIGH
Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.
CVE-2022-33290 1 Qualcomm 92 Apq8017, Apq8017 Firmware, Apq8096au and 89 more 2025-04-09 N/A 7.5 HIGH
Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.
CVE-2009-2698 6 Canonical, Fedoraproject, Linux and 3 more 12 Ubuntu Linux, Fedora, Linux Kernel and 9 more 2025-04-09 7.2 HIGH 7.8 HIGH
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
CVE-2007-0887 1 Gecad Technologies 1 Axigen Mail Server 2025-04-09 7.8 HIGH N/A
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).
CVE-2008-1672 2 Canonical, Openssl 2 Ubuntu Linux, Openssl 2025-04-09 4.3 MEDIUM N/A
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
CVE-2009-1387 3 Canonical, Openssl, Redhat 3 Ubuntu Linux, Openssl, Openssl 2025-04-09 5.0 MEDIUM N/A
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
CVE-2008-2812 7 Avaya, Canonical, Debian and 4 more 15 Communication Manager, Expanded Meet-me Conferencing, Intuity Audix Lx and 12 more 2025-04-09 7.2 HIGH 7.8 HIGH
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
CVE-2006-6565 1 Filezilla-project 1 Filezilla Server 2025-04-09 4.0 MEDIUM N/A
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
CVE-2008-3597 1 Skulltag 1 Skulltag 2025-04-09 5.0 MEDIUM 7.5 HIGH
Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game.
CVE-2007-0039 1 Microsoft 1 Exchange Server 2025-04-09 7.8 HIGH N/A
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
CVE-2009-1902 2 Fedoraproject, Trustwave 2 Fedora, Modsecurity 2025-04-09 5.0 MEDIUM N/A
The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.
CVE-2009-2516 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-09 6.9 MEDIUM 7.1 HIGH
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
CVE-2008-5183 3 Apple, Debian, Opensuse 5 Cups, Mac Os X, Mac Os X Server and 2 more 2025-04-09 4.3 MEDIUM 7.5 HIGH
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.
CVE-2009-2768 1 Linux 1 Linux Kernel 2025-04-09 7.2 HIGH 7.8 HIGH
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer."
CVE-2009-1386 3 Canonical, Openssl, Redhat 3 Ubuntu Linux, Openssl, Openssl 2025-04-09 5.0 MEDIUM N/A
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
CVE-2007-0342 2 Apple, Omnigroup 4 Mac Os X, Safari, Webkit and 1 more 2025-04-09 4.3 MEDIUM 7.5 HIGH
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
CVE-2006-4343 3 Canonical, Debian, Openssl 3 Ubuntu Linux, Debian Linux, Openssl 2025-04-09 4.3 MEDIUM N/A
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
CVE-2009-3094 3 Apache, Debian, Fedoraproject 3 Http Server, Debian Linux, Fedora 2025-04-09 2.6 LOW N/A
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
CVE-2007-1327 1 Silc 1 Silc-server 2025-04-09 7.8 HIGH N/A
The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm.