Total
2760 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-40360 | 1 Qemu | 1 Qemu | 2024-02-28 | N/A | 5.5 MEDIUM |
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. | |||||
CVE-2022-44368 | 1 Nasm | 1 Netwide Assembler | 2024-02-28 | N/A | 5.5 MEDIUM |
NASM v2.16 was discovered to contain a null pointer deference in the NASM component | |||||
CVE-2023-3212 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2024-02-28 | N/A | 4.4 MEDIUM |
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. | |||||
CVE-2023-25660 | 1 Google | 1 Tensorflow | 2024-02-28 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1. | |||||
CVE-2023-3355 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system. | |||||
CVE-2023-25670 | 1 Google | 1 Tensorflow | 2024-02-28 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
CVE-2023-2953 | 4 Apple, Netapp, Openldap and 1 more | 16 Macos, Active Iq Unified Manager, Clustered Data Ontap and 13 more | 2024-02-28 | N/A | 7.5 HIGH |
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. | |||||
CVE-2023-28327 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | N/A | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. | |||||
CVE-2023-31129 | 1 Contiki-ng | 1 Contiki-ng | 2024-02-28 | N/A | 9.8 CRITICAL |
The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state. The message handler does not check for RS messages with an SLLAO that indicates a link-layer address change that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`. The problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly. | |||||
CVE-2023-33307 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-02-28 | N/A | 6.5 MEDIUM |
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter. | |||||
CVE-2023-0190 | 1 Nvidia | 6 Geforce, Gpu Display Driver, Nvs and 3 more | 2024-02-28 | N/A | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. | |||||
CVE-2023-3357 | 1 Linux | 1 Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. | |||||
CVE-2020-28163 | 1 Libdwarf Project | 1 Libdwarf | 2024-02-28 | N/A | 6.5 MEDIUM |
libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname. | |||||
CVE-2023-24818 | 1 Riot-os | 1 Riot | 2024-02-28 | N/A | 7.5 HIGH |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | |||||
CVE-2023-25523 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2024-02-28 | N/A | 3.3 LOW |
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. | |||||
CVE-2023-2840 | 1 Gpac | 1 Gpac | 2024-02-28 | N/A | 9.8 CRITICAL |
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | |||||
CVE-2022-47465 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-02-28 | N/A | 5.5 MEDIUM |
In vdsp service, there is a missing permission check. This could lead to local denial of service in vdsp service. | |||||
CVE-2023-29996 | 1 Emqx | 1 Nanomq | 2024-02-28 | N/A | 7.5 HIGH |
In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. | |||||
CVE-2022-42335 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-02-28 | N/A | 7.8 HIGH |
x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control. | |||||
CVE-2023-28328 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | N/A | 5.5 MEDIUM |
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. |