Filtered by CWE-476
Filtered by vendor Subscriptions
Total 3602 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-47586 1 Sap 1 Netweaver Abap Application Server 2024-11-12 5.3 Medium
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity.
CVE-2024-9484 2 Avast, Avg 2 Antivirus, Antivirus 2024-11-08 5.1 Medium
An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.
CVE-2024-9483 2 Avast, Avg 2 Antivirus, Antivirus 2024-11-08 5.1 Medium
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.
CVE-2024-10750 1 Tenda 2 I22, I22 Firmware 2024-11-07 6.5 Medium
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-22733 1 Tp-link 3 Mr200, Mr200 Firmware, Tl-mr200 V4 Firmware 2024-11-06 3.5 Low
TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker.
CVE-2024-20426 1 Cisco 2 Adaptive Security Appliance Software, Firepower Threat Defense Software 2024-11-05 8.6 High
A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVE-2024-10280 1 Tenda 20 Ac10, Ac10 Firmware, Ac10u and 17 more 2024-11-01 6.5 Medium
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-3857 2024-10-29 5.5 Medium
Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested.
CVE-2024-44101 1 Google 1 Android 2024-10-28 7.5 High
there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-40493 2 Keith-cullen, Keithcullen 2 Freecoap, Freecoap 2024-10-25 5.3 Medium
Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`.
CVE-2024-20339 1 Cisco 1 Firepower Threat Defense Software 2024-10-25 8.6 High
A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an issue that occurs when TLS traffic is processed. An attacker could exploit this vulnerability by sending certain TLS traffic over IPv4 through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition and impacting traffic to and through the affected device.
CVE-2024-47459 1 Adobe 1 Substance 3d Sampler 2024-10-23 5.5 Medium
Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-3186 2024-10-18 5.3 Medium
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template (JST) files to trigger a crash and cause a Denial of Service (DoS) by providing malicious templates.
CVE-2024-3184 2024-10-18 5.9 Medium
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).
CVE-2024-39440 2 Google, Unisoc 10 Android, S8000, T606 and 7 more 2024-10-17 6.2 Medium
In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.
CVE-2024-47007 1 Ivanti 1 Avalanche 2024-10-16 7.5 High
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-38146 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2024-10-16 7.5 High
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
CVE-2024-38145 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2024-10-16 7.5 High
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
CVE-2024-38126 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2024-10-16 7.5 High
Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-6157 2024-10-15 5.1 Medium
An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below.  This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07