Total: 2742 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-38321 | 1 Sierrawireless | 6 Aleos, Lx40, Lx60 and 3 more | 2024-02-28 | N/A | 7.5 HIGH |
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. | |||||
CVE-2023-5972 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system. | |||||
CVE-2023-47076 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-52302 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-02-28 | N/A | 7.5 HIGH |
Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
CVE-2023-25071 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2023-48697 | | | 2024-02-28 | N/A | 9.8 CRITICAL |
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-23327 | 1 Envoyproxy | 1 Envoy | 2024-02-28 | N/A | 7.5 HIGH |
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-37188 | 1 C-blosc2 Project | 1 C-blosc2 | 2024-02-28 | N/A | 7.5 HIGH |
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. | |||||
CVE-2023-49936 | 1 Schedmd | 1 Slurm | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. | |||||
CVE-2023-52312 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-02-28 | N/A | 7.5 HIGH |
Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
CVE-2023-37186 | 1 C-blosc2 Project | 1 C-blosc2 | 2024-02-28 | N/A | 7.5 HIGH |
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. | |||||
CVE-2023-34323 | 1 Xen | 1 Xen | 2024-02-28 | N/A | 5.5 MEDIUM |
When a transaction is committed, C Xenstored will first check that the quota is correct before attempting to commit any nodes. Accounting can be temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored assume that the quota cannot be negative and use assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default). | |||||
CVE-2024-24855 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 4.7 MEDIUM |
A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | |||||
CVE-2024-22386 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 4.7 MEDIUM |
A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | |||||
CVE-2023-38711 | 1 Libreswan | 1 Libreswan | 2024-02-28 | N/A | 6.5 MEDIUM |
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. | |||||
CVE-2023-43898 | 1 Nothings | 1 Stb Image.h | 2024-02-28 | N/A | 5.5 MEDIUM |
Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | |||||
CVE-2023-3106 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives a message (sendmsg) of type XFRM_MSG_GETSA or XFRM_MSG_GETPOLICY with the DUMP flag set, and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. | |||||
CVE-2023-40032 | 1 Libvips | 1 Libvips | 2024-02-28 | N/A | 5.5 MEDIUM |
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input. | |||||
CVE-2023-37368 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet. | |||||
CVE-2023-4681 | 1 Gpac | 1 Gpac | 2024-02-28 | N/A | 5.5 MEDIUM |
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. |