CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-476

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1010224 476 2019-07-22 2019-07-23
5.0
None Remote Low Not required None None Partial
aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash (DoS). The component is: onset. The fixed version is: after commit e4e0861cffbc8d3a53dcd18f9ae85797690d67c7.
2 CVE-2019-1010222 476 2019-07-22 2019-07-23
5.0
None Remote Low Not required None None Partial
aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash. The component is: filterbank. The attack vector is: pass invalid arguments to new_aubio_filterbank. The fixed version is: after commit eda95c9c22b4f0b466ae94c4708765eaae6e709e.
3 CVE-2019-1010171 476 DoS 2019-07-23 2019-07-23
5.0
None Remote Low Not required None None Partial
Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84.
4 CVE-2019-1010162 476 DoS Exec Code 2019-07-23 2019-10-09
4.3
None Remote Medium Not required None None Partial
jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77.
5 CVE-2019-17454 476 2019-10-10 2019-10-11
4.3
None Remote Medium Not required None None Partial
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info.
6 CVE-2019-17453 476 2019-10-10 2019-10-11
4.3
None Remote Medium Not required None None Partial
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt or mp4compact.
7 CVE-2019-17452 476 2019-10-10 2019-10-11
4.3
None Remote Medium Not required None None Partial
Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4dump.
8 CVE-2019-17064 476 2019-10-01 2019-10-08
4.3
None Remote Medium Not required None None Partial
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
9 CVE-2019-16754 476 2019-09-24 2019-09-25
5.0
None Remote Low Not required None None Partial
RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet.
10 CVE-2019-16351 476 2019-09-16 2019-09-16
4.3
None Remote Medium Not required None None Partial
ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c.
11 CVE-2019-16350 476 2019-09-16 2019-09-16
4.3
None Remote Medium Not required None None Partial
ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c.
12 CVE-2019-16349 476 2019-09-16 2019-09-17
4.3
None Remote Medium Not required None None Partial
Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class.
13 CVE-2019-16348 476 2019-09-16 2019-09-16
4.3
None Remote Medium Not required None None Partial
marc-q libwav through 2019-08-15 has a NULL pointer dereference in gain_file() at wav_gain.c.
14 CVE-2019-16234 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
15 CVE-2019-16233 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
16 CVE-2019-16232 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
17 CVE-2019-16231 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
18 CVE-2019-16230 476 2019-09-11 2019-10-04
7.8
None Remote Low Not required None None Complete
drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
19 CVE-2019-16229 476 2019-09-11 2019-10-10
7.8
None Remote Low Not required None None Complete
** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id.
20 CVE-2019-16164 476 2019-09-09 2019-09-10
4.3
None Remote Medium Not required None None Partial
MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c.
21 CVE-2019-16161 476 2019-09-09 2019-09-10
5.0
None Remote Low Not required None None Partial
Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c.
22 CVE-2019-16092 476 2019-09-07 2019-09-09
7.5
None Remote Low Not required Partial Partial Partial
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.
23 CVE-2019-16089 476 2019-09-06 2019-10-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.
24 CVE-2019-15924 476 2019-09-04 2019-09-14
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.
25 CVE-2019-15923 476 2019-09-04 2019-10-04
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.
26 CVE-2019-15922 476 2019-09-04 2019-10-04
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.
27 CVE-2019-15759 476 2019-08-28 2019-09-03
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.
28 CVE-2019-15757 476 2019-08-28 2019-09-09
4.3
None Remote Medium Not required None None Partial
libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c.
29 CVE-2019-15297 476 2019-09-09 2019-09-11
4.0
None Remote Low Single system None None Partial
res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk.
30 CVE-2019-15291 476 2019-08-20 2019-09-05
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.
31 CVE-2019-15290 476 2019-08-20 2019-09-05
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver.
32 CVE-2019-15223 476 2019-08-19 2019-09-05
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.
33 CVE-2019-15222 476 2019-08-19 2019-09-05
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver.
34 CVE-2019-15221 476 2019-08-19 2019-09-02
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.
35 CVE-2019-15219 476 2019-08-19 2019-08-22
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
36 CVE-2019-15218 476 2019-08-19 2019-08-22
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
37 CVE-2019-15217 476 2019-08-19 2019-09-05
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.
38 CVE-2019-15216 476 2019-08-19 2019-09-02
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.
39 CVE-2019-15163 476 DoS 2019-10-03 2019-10-08
5.0
None Remote Low Not required None None Partial
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
40 CVE-2019-15099 476 2019-08-15 2019-09-05
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
41 CVE-2019-15098 476 2019-08-15 2019-09-30
7.8
None Remote Low Not required None None Complete
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
42 CVE-2019-14534 476 DoS 2019-08-29 2019-09-06
4.3
None Remote Medium Not required None None Partial
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
43 CVE-2019-14493 476 2019-08-01 2019-08-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
44 CVE-2019-14381 476 2019-07-30 2019-08-05
5.0
None Remote Low Not required None None Partial
libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot.
45 CVE-2019-14248 476 2019-07-24 2019-08-07
4.3
None Remote Medium Not required None None Partial
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
46 CVE-2019-14212 476 2019-07-21 2019-07-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object.
47 CVE-2019-14210 476 Mem. Corr. 2019-07-21 2019-07-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object.
48 CVE-2019-14208 476 2019-07-21 2019-07-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.
49 CVE-2019-13959 476 2019-07-18 2019-07-19
4.3
None Remote Medium Not required None None Partial
In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.
50 CVE-2019-13542 476 2019-09-17 2019-10-09
4.0
None Remote Low Single system None None Partial
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
Total number of vulnerabilities : 900   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.