Total
3019 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38524 | 1 Siemens | 2 Parasolid, Teamcenter Visualization | 2024-11-21 | N/A | 3.3 LOW |
| A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-38322 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3. | |||||
| CVE-2023-38321 | 1 Sierrawireless | 6 Aleos, Lx40, Lx60 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. | |||||
| CVE-2023-38320 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). This problem was fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3. | |||||
| CVE-2023-38315 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3. | |||||
| CVE-2023-38314 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3. | |||||
| CVE-2023-38313 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3. | |||||
| CVE-2023-38171 | 1 Microsoft | 4 .net, Visual Studio 2022, Windows 11 22h2 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| Microsoft QUIC Denial of Service Vulnerability | |||||
| CVE-2023-37732 | 1 Yasm Project | 1 Yasm | 2024-11-21 | N/A | 5.5 MEDIUM |
| Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. | |||||
| CVE-2023-37456 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.5 MEDIUM |
| The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115. | |||||
| CVE-2023-37368 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet. | |||||
| CVE-2023-37188 | 1 C-blosc2 Project | 1 C-blosc2 | 2024-11-21 | N/A | 7.5 HIGH |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. | |||||
| CVE-2023-37187 | 1 C-blosc2 Project | 1 C-blosc2 | 2024-11-21 | N/A | 7.5 HIGH |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function. | |||||
| CVE-2023-37186 | 1 C-blosc2 Project | 1 C-blosc2 | 2024-11-21 | N/A | 7.5 HIGH |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. | |||||
| CVE-2023-37185 | 1 C-blosc2 Project | 1 C-blosc2 | 2024-11-21 | N/A | 7.5 HIGH |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c. | |||||
| CVE-2023-36709 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.5 HIGH |
| Microsoft AllJoyn API Denial of Service Vulnerability | |||||
| CVE-2023-36603 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows TCP/IP Denial of Service Vulnerability | |||||
| CVE-2023-36602 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows TCP/IP Denial of Service Vulnerability | |||||
| CVE-2023-36199 | 1 Skale | 1 Sgxwallet | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component. | |||||
| CVE-2023-35338 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows Peer Name Resolution Protocol Denial of Service Vulnerability | |||||