Total
4853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48363 | 1 Siemens | 6 Openpcs 7, Simatic Batch, Simatic Pcs 7 and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (Al ...
Show More |
|||||
| CVE-2023-47076 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47003 | 1 Redislabs | 1 Redisgraph | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted.
|
|||||
| CVE-2023-46867 | 1 Color | 1 Demoiccmax | 2024-11-21 | N/A | 6.5 MEDIUM |
|
In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.
|
|||||
| CVE-2023-46862 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.7 MEDIUM |
|
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.
|
|||||
| CVE-2023-46345 | 1 Fossies | 1 Catdoc | 2024-11-21 | N/A | 7.5 HIGH |
|
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.
|
|||||
| CVE-2023-46239 | 1 Quic-go Project | 1 Quic-go | 2024-11-21 | N/A | 7.5 HIGH |
|
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Versi ...
Show More |
|||||
| CVE-2023-45680 | 1 Nothings | 1 Stb Vorbis.c | 2024-11-21 | N/A | 5.3 MEDIUM |
|
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.
|
|||||
| CVE-2023-45667 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | N/A | 5.3 MEDIUM |
|
stb_image is a single file MIT licensed library for processing images.
If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.
|
|||||
| CVE-2023-42754 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
|
|||||
| CVE-2023-41909 | 3 Debian, Fedoraproject, Frrouting | 3 Debian Linux, Fedora, Frrouting | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
|
|||||
| CVE-2023-41358 | 3 Debian, Fedoraproject, Frrouting | 3 Debian Linux, Fedora, Frrouting | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
|
|||||
| CVE-2023-41274 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
|
|||||
| CVE-2023-40546 | 2 Fedoraproject, Redhat | 3 Fedora, Enterprise Linux, Shim | 2024-11-21 | N/A | 6.2 MEDIUM |
|
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
|
|||||
| CVE-2023-40459 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2024-11-21 | N/A | 7.5 HIGH |
|
The
ACEManager component of ALEOS 4.16 and earlier does not adequately perform
input sanitization during authentication, which could potentially result in a
Denial of Service (DoS) condition for ACEManager without impairing other router
functions. ACEManager recovers from the DoS condition by restarting within ten
seconds of becoming unavailable.
|
|||||
| CVE-2023-40360 | 1 Qemu | 1 Qemu | 2024-11-21 | N/A | 5.5 MEDIUM |
|
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
|
|||||
| CVE-2023-3772 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.
|
|||||
| CVE-2023-3603 | 1 Libssh | 1 Libssh | 2024-11-21 | N/A | 3.1 LOW |
|
A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.
Given this code is not in any released versions, ...
Show More |
|||||
| CVE-2023-3355 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.
|
|||||
| CVE-2023-3354 | 3 Fedoraproject, Qemu, Redhat | 4 Fedora, Qemu, Enterprise Linux and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
|
|||||
| CVE-2023-3338 | 3 Debian, Linux, Netapp | 3 Debian Linux, Linux Kernel, Active Iq Unified Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.
|
|||||
| CVE-2023-3212 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
|
|||||
| CVE-2023-3106 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | N/A | 6.6 MEDIUM |
|
A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
|
|||||
| CVE-2023-3012 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 7.8 HIGH |
|
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
|
|||||
| CVE-2023-39669 | 1 Dlink | 2 Dir-880l A1, Dir-880l A1 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824.
|
|||||
| CVE-2023-39397 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2023-38712 | 1 Libreswan | 1 Libreswan | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
|
|||||
| CVE-2023-38711 | 1 Libreswan | 1 Libreswan | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
|
|||||
| CVE-2023-38676 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
|
|||||
| CVE-2023-38670 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
|
|||||
| CVE-2023-38665 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
|
|||||
| CVE-2023-38524 | 1 Siemens | 2 Parasolid, Teamcenter Visualization | 2024-11-21 | N/A | 3.3 LOW |
|
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in t ...
Show More |
|||||
| CVE-2023-38322 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23 ...
Show More |
|||||
| CVE-2023-38321 | 1 Sierrawireless | 6 Aleos, Lx40, Lx60 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
|
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.
|
|||||
| CVE-2023-38320 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). This problem was fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
|
|||||
| CVE-2023-38315 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
|
|||||
| CVE-2023-38314 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3.
|
|||||
| CVE-2023-38313 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWr ...
Show More |
|||||
| CVE-2023-38171 | 1 Microsoft | 4 .net, Visual Studio 2022, Windows 11 22h2 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft QUIC Denial of Service Vulnerability
|
|||||
| CVE-2023-37732 | 1 Yasm Project | 1 Yasm | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.
|
|||||