CWE-476 · NULL Pointer Dereference

5326 CVEs classified under CWE-476 (NULL Pointer Dereference). Browse by severity and year.

Top CVEs for CWE-476
CVESeverityScorePublishedSummary
CVE-2022-36648Critical10.02023-08-22The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host q…
CVE-2020-14500Critical10.02020-08-25Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data.
CVE-2026-46195Critical9.82026-05-28In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parse_sec_desc(), build_se…
CVE-2026-31657Critical9.82026-04-24In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace…
CVE-2026-31436Critical9.82026-04-22In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the en…
CVE-2024-55193Critical9.82025-01-23OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.
CVE-2024-47613Critical9.82024-12-12GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_de…
CVE-2024-40493Critical9.82024-10-22Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and po…
CVE-2024-38612Critical9.82024-06-19In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in cas…
CVE-2023-45924Critical9.82024-03-27libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed be…
CVE-2023-46427Critical9.82024-03-09An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), a…
CVE-2023-47003Critical9.82023-11-16An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted.
CVE-2023-2840Critical9.82023-05-22NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-26463Critical9.82023-04-15strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same functi…
CVE-2023-23087Critical9.82023-02-03An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.
CVE-2021-4236Critical9.82022-12-27Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to…
CVE-2022-36227Critical9.82022-11-22In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, w…
CVE-2022-30592Critical9.82022-05-11liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.
CVE-2021-1946Critical9.82021-09-09Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity…
CVE-2021-28300Critical9.82021-04-14NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial…