CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
CVE-2026-20457 (GCVE-0-2026-20457)
Vulnerability from cvelistv5 – Published: 2026-07-01 03:13 – Updated: 2026-07-01 10:40- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6739 Affected: MT6761 Affected: MT6762 Affected: MT6763 Affected: MT6765 Affected: MT6767 Affected: MT6768 Affected: MT6769 Affected: MT6771 Affected: MT6779 Affected: MT6781 Affected: MT6783 Affected: MT6785 Affected: MT6789 Affected: MT6833 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6990 Affected: MT8666 Affected: MT8667 Affected: MT8673 Affected: MT8675 Affected: MT8765 Affected: MT8766 Affected: MT8766R Affected: MT8768 Affected: MT8771 Affected: MT8781 Affected: MT8786 Affected: MT8788 Affected: MT8788E Affected: MT8789 Affected: MT8791 Affected: MT8791T Affected: MT8795T Affected: MT8796 Affected: MT8797 Affected: MT8798 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T10:40:08.598256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T10:40:26.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6739"
},
{
"status": "affected",
"version": "MT6761"
},
{
"status": "affected",
"version": "MT6762"
},
{
"status": "affected",
"version": "MT6763"
},
{
"status": "affected",
"version": "MT6765"
},
{
"status": "affected",
"version": "MT6767"
},
{
"status": "affected",
"version": "MT6768"
},
{
"status": "affected",
"version": "MT6769"
},
{
"status": "affected",
"version": "MT6771"
},
{
"status": "affected",
"version": "MT6779"
},
{
"status": "affected",
"version": "MT6781"
},
{
"status": "affected",
"version": "MT6783"
},
{
"status": "affected",
"version": "MT6785"
},
{
"status": "affected",
"version": "MT6789"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT8666"
},
{
"status": "affected",
"version": "MT8667"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8765"
},
{
"status": "affected",
"version": "MT8766"
},
{
"status": "affected",
"version": "MT8766R"
},
{
"status": "affected",
"version": "MT8768"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8781"
},
{
"status": "affected",
"version": "MT8786"
},
{
"status": "affected",
"version": "MT8788"
},
{
"status": "affected",
"version": "MT8788E"
},
{
"status": "affected",
"version": "MT8789"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8796"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01826924; Issue ID: MSV-7301."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T03:13:58.305Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/July-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20457",
"datePublished": "2026-07-01T03:13:58.305Z",
"dateReserved": "2025-11-03T01:30:59.014Z",
"dateUpdated": "2026-07-01T10:40:26.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20064 (GCVE-0-2026-20064)
Vulnerability from cvelistv5 – Published: 2026-03-04 18:36 – Updated: 2026-03-04 19:05- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software |
Affected:
6.4.0
Affected: 6.4.0.1 Affected: 6.4.0.3 Affected: 6.4.0.2 Affected: 6.4.0.4 Affected: 6.4.0.5 Affected: 6.4.0.6 Affected: 6.4.0.7 Affected: 6.4.0.8 Affected: 6.4.0.9 Affected: 6.4.0.10 Affected: 6.4.0.11 Affected: 6.4.0.12 Affected: 6.4.0.13 Affected: 6.4.0.14 Affected: 6.4.0.15 Affected: 6.4.0.16 Affected: 6.4.0.17 Affected: 6.4.0.18 Affected: 7.0.0 Affected: 7.0.0.1 Affected: 7.0.1 Affected: 7.0.1.1 Affected: 7.0.2 Affected: 7.0.2.1 Affected: 7.0.3 Affected: 7.0.4 Affected: 7.0.5 Affected: 7.0.6 Affected: 7.0.6.1 Affected: 7.0.6.2 Affected: 7.0.6.3 Affected: 7.0.7 Affected: 7.0.8 Affected: 7.0.8.1 Affected: 7.1.0 Affected: 7.1.0.1 Affected: 7.1.0.2 Affected: 7.1.0.3 Affected: 7.2.0 Affected: 7.2.0.1 Affected: 7.2.1 Affected: 7.2.2 Affected: 7.2.3 Affected: 7.2.4 Affected: 7.2.4.1 Affected: 7.2.5 Affected: 7.2.5.1 Affected: 7.2.6 Affected: 7.2.7 Affected: 7.2.5.2 Affected: 7.2.8 Affected: 7.2.8.1 Affected: 7.2.9 Affected: 7.2.10 Affected: 7.2.10.2 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.3.1.1 Affected: 7.3.1.2 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.4.1.1 Affected: 7.4.2 Affected: 7.4.2.1 Affected: 7.4.2.2 Affected: 7.4.2.3 Affected: 7.4.2.4 Affected: 7.6.0 Affected: 7.6.1 Affected: 7.6.2 Affected: 7.6.2.1 Affected: 7.7.0 Affected: 7.7.10 Affected: 7.7.10.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T19:05:49.783559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T19:05:59.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Firewall Threat Defense (FTD) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.0.1"
},
{
"status": "affected",
"version": "6.4.0.3"
},
{
"status": "affected",
"version": "6.4.0.2"
},
{
"status": "affected",
"version": "6.4.0.4"
},
{
"status": "affected",
"version": "6.4.0.5"
},
{
"status": "affected",
"version": "6.4.0.6"
},
{
"status": "affected",
"version": "6.4.0.7"
},
{
"status": "affected",
"version": "6.4.0.8"
},
{
"status": "affected",
"version": "6.4.0.9"
},
{
"status": "affected",
"version": "6.4.0.10"
},
{
"status": "affected",
"version": "6.4.0.11"
},
{
"status": "affected",
"version": "6.4.0.12"
},
{
"status": "affected",
"version": "6.4.0.13"
},
{
"status": "affected",
"version": "6.4.0.14"
},
{
"status": "affected",
"version": "6.4.0.15"
},
{
"status": "affected",
"version": "6.4.0.16"
},
{
"status": "affected",
"version": "6.4.0.17"
},
{
"status": "affected",
"version": "6.4.0.18"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.0.6"
},
{
"status": "affected",
"version": "7.0.6.1"
},
{
"status": "affected",
"version": "7.0.6.2"
},
{
"status": "affected",
"version": "7.0.6.3"
},
{
"status": "affected",
"version": "7.0.7"
},
{
"status": "affected",
"version": "7.0.8"
},
{
"status": "affected",
"version": "7.0.8.1"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.2.4"
},
{
"status": "affected",
"version": "7.2.4.1"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.2.5.1"
},
{
"status": "affected",
"version": "7.2.6"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.5.2"
},
{
"status": "affected",
"version": "7.2.8"
},
{
"status": "affected",
"version": "7.2.8.1"
},
{
"status": "affected",
"version": "7.2.9"
},
{
"status": "affected",
"version": "7.2.10"
},
{
"status": "affected",
"version": "7.2.10.2"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.1.1"
},
{
"status": "affected",
"version": "7.3.1.2"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.1"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.4.2.1"
},
{
"status": "affected",
"version": "7.4.2.2"
},
{
"status": "affected",
"version": "7.4.2.3"
},
{
"status": "affected",
"version": "7.4.2.4"
},
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.6.2.1"
},
{
"status": "affected",
"version": "7.7.0"
},
{
"status": "affected",
"version": "7.7.10"
},
{
"status": "affected",
"version": "7.7.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T18:36:25.603Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ftd-cmd-inj-mTzGZexf",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmd-inj-mTzGZexf"
}
],
"source": {
"advisory": "cisco-sa-ftd-cmd-inj-mTzGZexf",
"defects": [
"CSCwq01526"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20064",
"datePublished": "2026-03-04T18:36:25.603Z",
"dateReserved": "2025-10-08T11:59:15.357Z",
"dateUpdated": "2026-03-04T19:05:59.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15690 (GCVE-0-2026-15690)
Vulnerability from cvelistv5 – Published: 2026-07-14 11:45 – Updated: 2026-07-14 12:56| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378237 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378237/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15690 | third-party-advisory |
| https://vuldb.com/submit/855996 | third-party-advisory |
| https://github.com/open62541/open62541/issues/8104 | exploitissue-tracking |
| https://github.com/open62541/open62541/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15690",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:56:05.426097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:56:38.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:open62541:open62541:*:*:*:*:*:*:*:*"
],
"modules": [
"Shared Client Library"
],
"product": "open62541",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.5.3"
},
{
"status": "affected",
"version": "1.5.4"
},
{
"status": "affected",
"version": "1.5.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chuan Wei"
},
{
"lang": "en",
"type": "reporter",
"value": "VULL (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "VULL (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in open62541 up to 1.5.5. Affected by this issue is the function responseReadNamespacesArray of the file src/client/ua_client_connect.c of the component Shared Client Library. Such manipulation of the argument Server_NamespaceArray leads to null pointer dereference. The attack can be executed remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit is publicly available and might be used. The project closed the issue report, stating that this is not the official way to report a security vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T11:45:07.861Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378237 | open62541 Shared Client ua_client_connect.c responseReadNamespacesArray null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378237"
},
{
"name": "VDB-378237 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378237/cti"
},
{
"name": "CVE-2026-15690 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15690"
},
{
"name": "Submit #855996 | open62541 Project open62541 master (commit ca356b088ada7dee824d1b4acd07c1ff07ce242b\uff09 out-of-bounds read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855996"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/open62541/open62541/issues/8104"
},
{
"tags": [
"product"
],
"url": "https://github.com/open62541/open62541/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-14T07:19:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "open62541 Shared Client ua_client_connect.c responseReadNamespacesArray null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15690",
"datePublished": "2026-07-14T11:45:07.861Z",
"dateReserved": "2026-07-14T04:55:16.031Z",
"dateUpdated": "2026-07-14T12:56:38.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15352 (GCVE-0-2026-15352)
Vulnerability from cvelistv5 – Published: 2026-07-16 19:48 – Updated: 2026-07-16 21:03- CWE-476 - NULL pointer dereference
| Vendor | Product | Version | |
|---|---|---|---|
| NASA | Core Flight System (cFS) Health & Safety (HS) Application |
Affected:
0 , < v7.0.1
(custom)
Unaffected: v7.0.1 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Core Flight System (cFS) Health \u0026 Safety (HS) Application",
"vendor": "NASA",
"versions": [
{
"lessThan": "v7.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "v7.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Grady DeRosa reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the Health \u0026amp; Safety (HS) application of NASA\u0027s Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service."
}
],
"value": "A vulnerability exists in the Health \u0026 Safety (HS) application of NASA\u0027s Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T21:03:55.318Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://github.com/nasa/HS/releases/tag/v7.0.1"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NASA recommends users update to v7.0.1\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://github.com/nasa/HS/releases/tag/v7.0.1\"\u003ehttps://github.com/nasa/HS/releases/tag/v7.0.1\u003c/a\u003e"
}
],
"value": "NASA recommends users update to v7.0.1\u00a0\n https://github.com/nasa/HS/releases/tag/v7.0.1"
}
],
"source": {
"advisory": "ICSA-26-197-03",
"discovery": "EXTERNAL"
},
"title": "NASA Core Flight System (cFS) Health \u0026 Safety (HS) Application NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-15352",
"datePublished": "2026-07-16T19:48:43.886Z",
"dateReserved": "2026-07-09T22:03:49.631Z",
"dateUpdated": "2026-07-16T21:03:55.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15184 (GCVE-0-2026-15184)
Vulnerability from cvelistv5 – Published: 2026-07-09 12:00 – Updated: 2026-07-09 12:55 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377110 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377110/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15184 | third-party-advisory |
| https://vuldb.com/submit/851192 | third-party-advisory |
| https://github.com/LibreDWG/libredwg/issues/1253 | issue-tracking |
| https://github.com/HackC0der/CVE-Repos/blob/main/… | exploit |
| https://github.com/LibreDWG/libredwg/commit/dde45… | patch |
| https://github.com/LibreDWG/libredwg/releases/tag/0.14 | patch |
| https://www.gnu.org/ | broken-linkproduct |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15184",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T12:54:47.638450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:55:55.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*"
],
"modules": [
"DWG File Handler"
],
"product": "LibreDWG",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "0.13.0"
},
{
"status": "affected",
"version": "0.13.1"
},
{
"status": "affected",
"version": "0.13.2"
},
{
"status": "affected",
"version": "0.13.3"
},
{
"status": "affected",
"version": "0.13.4"
},
{
"status": "unaffected",
"version": "0.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ech06 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument next_obj results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used. Upgrading to version 0.14 is sufficient to resolve this issue. The patch is named dde45dac3c4d902e4d8fed150a8017b9732019c9. Upgrading the affected component is recommended. Different than CVE-2026-9503."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:00:17.369Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377110 | GNU LibreDWG DWG File dwg.c dwg_next_entity null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377110"
},
{
"name": "VDB-377110 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377110/cti"
},
{
"name": "CVE-2026-15184 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15184"
},
{
"name": "Submit #851192 | LibreDWG 0.13.4-154-g0b573035 (main branch, commit 0b573035, 2026-04-29) \u7a7a\u6307\u9488\u89e3\u5f15\u7528 (NULL Pointer Dereference)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/851192"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/LibreDWG/libredwg/issues/1253"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_0b57303_dwggrep_segv_null_read_dwg_next_entity_dwg.c_1231.dwg"
},
{
"tags": [
"patch"
],
"url": "https://github.com/LibreDWG/libredwg/commit/dde45dac3c4d902e4d8fed150a8017b9732019c9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/LibreDWG/libredwg/releases/tag/0.14"
},
{
"tags": [
"broken-link",
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-09T07:05:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU LibreDWG DWG File dwg.c dwg_next_entity null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15184",
"datePublished": "2026-07-09T12:00:17.369Z",
"dateReserved": "2026-07-09T05:00:12.112Z",
"dateUpdated": "2026-07-09T12:55:55.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15171 (GCVE-0-2026-15171)
Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:44- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.7
(semver)
Affected: 4.4.0 , < 4.4.17 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15171",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:44:51.561918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:44:55.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.7",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.17",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrijs Trizna"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T20:51:10.283Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-55.html"
},
{
"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.7 or above"
}
],
"title": "NULL Pointer Dereference in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-15171",
"datePublished": "2026-07-08T20:51:10.283Z",
"dateReserved": "2026-07-08T20:45:53.857Z",
"dateUpdated": "2026-07-09T13:44:55.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14790 (GCVE-0-2026-14790)
Vulnerability from cvelistv5 – Published: 2026-07-06 02:15 – Updated: 2026-07-06 15:20 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376379 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376379/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14790 | third-party-advisory |
| https://vuldb.com/submit/850391 | third-party-advisory |
| https://github.com/gpac/gpac/issues/3596 | exploitissue-tracking |
| https://github.com/gpac/gpac/commit/bd1d94e70e3be… | patch |
| https://github.com/gpac/gpac/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14790",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T15:20:42.977103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T15:20:48.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/850391"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*"
],
"modules": [
"Media File Handler"
],
"product": "GPAC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "26.02.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kery Qi (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be used. This patch is called bd1d94e70e3bef364c07c5a1d94eca5c9f56e160. A patch should be applied to remediate this issue. The project explains: \"I would consider most of these more as bugs than vulns but anyway they\u0027re good to fix\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T02:15:09.433Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376379 | GPAC Media File write_nhml.c nhmldump_send_frame null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376379"
},
{
"name": "VDB-376379 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376379/cti"
},
{
"name": "CVE-2026-14790 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14790"
},
{
"name": "Submit #850391 | gpac v26.02.0 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/850391"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/gpac/gpac/issues/3596"
},
{
"tags": [
"patch"
],
"url": "https://github.com/gpac/gpac/commit/bd1d94e70e3bef364c07c5a1d94eca5c9f56e160"
},
{
"tags": [
"product"
],
"url": "https://github.com/gpac/gpac/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-05T18:12:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "GPAC Media File write_nhml.c nhmldump_send_frame null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14790",
"datePublished": "2026-07-06T02:15:09.433Z",
"dateReserved": "2026-07-05T16:07:15.466Z",
"dateUpdated": "2026-07-06T15:20:48.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14324 (GCVE-0-2026-14324)
Vulnerability from cvelistv5 – Published: 2026-07-01 14:09 – Updated: 2026-07-01 17:25- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-14324 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2495903 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T16:15:20.378021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:25:35.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unknown",
"packageName": "libkrun",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unknown",
"packageName": "pipewire",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unknown",
"packageName": "pipewire",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unknown",
"packageName": "pipewire0.2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unknown",
"packageName": "pipewire",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Tristan for reporting this issue."
}
],
"datePublic": "2026-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:09:20.582Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-14324"
},
{
"name": "RHBZ#2495903",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495903"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-01T12:14:20.335Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-07-01T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Pipewire: raop rtsp null deref",
"workarounds": [
{
"lang": "en",
"value": "If AirPlay streaming is not required, unload or disable the\n module-raop-discover and module-raop-sink PipeWire modules."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-14324",
"datePublished": "2026-07-01T14:09:20.582Z",
"dateReserved": "2026-07-01T12:14:59.165Z",
"dateUpdated": "2026-07-01T17:25:35.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13084 (GCVE-0-2026-13084)
Vulnerability from cvelistv5 – Published: 2026-07-02 23:06 – Updated: 2026-07-06 14:54- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://www.watchguard.com/wgrd-psirt/advisory/wg… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| WatchGuard | Fireware OS |
Affected:
11.10.2 , ≤ 11.12.4+541730
(semver)
Affected: 12.0 , ≤ 12.12 (semver) Affected: 12.5 , ≤ 12.5.18 (semver) Affected: 2025.1 , ≤ 2026.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T14:54:38.254930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T14:54:50.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fireware OS",
"vendor": "WatchGuard",
"versions": [
{
"lessThanOrEqual": "11.12.4+541730",
"status": "affected",
"version": "11.10.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.12",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.5.18",
"status": "affected",
"version": "12.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "2026.2",
"status": "affected",
"version": "2025.1",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:11.10.2",
"versionEndIncluding": "11.12.4+541730",
"versionStartIncluding": "11.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0",
"versionEndIncluding": "12.12",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5",
"versionEndIncluding": "12.5.18",
"versionStartIncluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1",
"versionEndIncluding": "2026.2",
"versionStartIncluding": "2025.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages.\u0026nbsp;This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.\u003cbr\u003e\u003cbr\u003eThis vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2"
}
],
"value": "A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages.\u00a0This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.\n\nThis vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2"
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T23:06:48.043Z",
"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"shortName": "WatchGuard"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00024"
}
],
"source": {
"advisory": "WGSA-2026-00024",
"defect": [
"FBX-32250"
],
"discovery": "EXTERNAL"
},
"title": "Null Pointer Dereference in WatchGuard Fireware OS iked Process",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"assignerShortName": "WatchGuard",
"cveId": "CVE-2026-13084",
"datePublished": "2026-07-02T23:06:48.043Z",
"dateReserved": "2026-06-23T18:29:23.985Z",
"dateUpdated": "2026-07-06T14:54:50.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11788 (GCVE-0-2026-11788)
Vulnerability from cvelistv5 – Published: 2026-06-09 13:02 – Updated: 2026-06-30 07:48- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-11788 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485423 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Directory Server 11 |
cpe:/a:redhat:directory_server:11 |
|
| Red Hat | Red Hat Directory Server 12 |
cpe:/a:redhat:directory_server:12 |
|
| Red Hat | Red Hat Directory Server 13 |
cpe:/a:redhat:directory_server:13 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:11:26.743552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:12:38.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "affected",
"packageName": "redhat-ds:11/389-ds-base",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "affected",
"packageName": "redhat-ds:12/389-ds-base",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Ian Murphy (Red Hat)."
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T07:48:55.675Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-11788"
},
{
"name": "RHBZ#2485423",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485423"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-16T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-16T00:00:00.000Z",
"value": "Made public."
}
],
"title": "389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser",
"workarounds": [
{
"lang": "en",
"value": "Disable the deref plugin (most effective): dsconf \u003cinstance\u003e plugin deref disable; systemctl restart dirsrv@\u003cinstance\u003e. Disable anonymous access (nsslapd-allow-anonymous-access=off) to raise the bar from pre-auth to authenticated exploitation. Configure memory limits as defense-in-depth: set nsslapd-maxbersize and nsslapd-conntablesize, and deploy in a cgroup with memory limits."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-11788",
"datePublished": "2026-06-09T13:02:53.715Z",
"dateReserved": "2026-06-09T12:57:59.740Z",
"dateUpdated": "2026-06-30T07:48:55.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.