Vulnerabilities (CVE)

Filtered by CWE-476
Total 3811 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3104 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.
CVE-2022-25741 1 Qualcomm 250 Aqt1000, Aqt1000 Firmware, Ar8035 and 247 more 2025-04-22 N/A 7.5 HIGH
Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-25710 1 Qualcomm 124 Apq8009, Apq8009 Firmware, Apq8017 and 121 more 2025-04-22 N/A 7.5 HIGH
Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CVE-2024-57435 1 Macrozheng 1 Mall-tiny 2025-04-22 N/A 6.5 MEDIUM
In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.
CVE-2022-3107 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
CVE-2022-3105 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().
CVE-2024-50608 1 Treasuredata 1 Fluent Bit 2025-04-22 N/A 7.5 HIGH
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c.
CVE-2024-50609 1 Treasuredata 1 Fluent Bit 2025-04-22 N/A 7.5 HIGH
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.
CVE-2022-3115 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
CVE-2022-3114 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.
CVE-2022-3113 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.
CVE-2022-3112 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
CVE-2022-3111 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
CVE-2022-3110 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.
CVE-2022-3106 1 Linux 1 Linux Kernel 2025-04-22 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().
CVE-2023-40032 2 Fedoraproject, Libvips 2 Fedora, Libvips 2025-04-21 N/A 5.5 MEDIUM
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.
CVE-2017-7994 1 Podofo Project 1 Podofo 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
CVE-2017-8820 2 Debian, Tor Project 2 Debian Linux, Tor 2025-04-20 5.0 MEDIUM 7.5 HIGH
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.
CVE-2017-2388 1 Apple 1 Mac Os X 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2017-5851 1 Mp3splt Project 1 Mp3splt 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability.