CWE-476 · NULL Pointer Dereference
5326 CVEs classified under CWE-476 (NULL Pointer Dereference). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-36648 | Critical | 10.0 | 2023-08-22 | The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host q… |
CVE-2020-14500 | Critical | 10.0 | 2020-08-25 | Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. |
CVE-2026-46195 | Critical | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parse_sec_desc(), build_se… |
CVE-2026-31657 | Critical | 9.8 | 2026-04-24 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace… |
CVE-2026-31436 | Critical | 9.8 | 2026-04-22 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the en… |
CVE-2024-55193 | Critical | 9.8 | 2025-01-23 | OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h. |
CVE-2024-47613 | Critical | 9.8 | 2024-12-12 | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_de… |
CVE-2024-40493 | Critical | 9.8 | 2024-10-22 | Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and po… |
CVE-2024-38612 | Critical | 9.8 | 2024-06-19 | In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in cas… |
CVE-2023-45924 | Critical | 9.8 | 2024-03-27 | libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed be… |
CVE-2023-46427 | Critical | 9.8 | 2024-03-09 | An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), a… |
CVE-2023-47003 | Critical | 9.8 | 2023-11-16 | An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. |
CVE-2023-2840 | Critical | 9.8 | 2023-05-22 | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. |
CVE-2023-26463 | Critical | 9.8 | 2023-04-15 | strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same functi… |
CVE-2023-23087 | Critical | 9.8 | 2023-02-03 | An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function. |
CVE-2021-4236 | Critical | 9.8 | 2022-12-27 | Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to… |
CVE-2022-36227 | Critical | 9.8 | 2022-11-22 | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, w… |
CVE-2022-30592 | Critical | 9.8 | 2022-05-11 | liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. |
CVE-2021-1946 | Critical | 9.8 | 2021-09-09 | Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity… |
CVE-2021-28300 | Critical | 9.8 | 2021-04-14 | NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial… |