Total
3979 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41234 | 2024-11-21 | 5 Medium | ||
| NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-40459 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2024-11-21 | 7.5 High |
| The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. | ||||
| CVE-2023-40360 | 1 Qemu | 1 Qemu | 2024-11-21 | 5.5 Medium |
| QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. | ||||
| CVE-2023-3772 | 4 Debian, Fedoraproject, Linux and 1 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. | ||||
| CVE-2023-3603 | 2 Libssh, Redhat | 2 Libssh, Enterprise Linux | 2024-11-21 | 3.1 Low |
| A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued. | ||||
| CVE-2023-3212 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2024-11-21 | 4.4 Medium |
| A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. | ||||
| CVE-2023-39669 | 2 D-link, Dlink | 3 Dir-880l, Dir-880l A1, Dir-880l A1 Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824. | ||||
| CVE-2023-39397 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-38712 | 2 Libreswan, Redhat | 5 Libreswan, Enterprise Linux, Openshift and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. | ||||
| CVE-2023-38711 | 2 Libreswan, Redhat | 5 Libreswan, Enterprise Linux, Openshift and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. | ||||
| CVE-2023-38676 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | 4.7 Medium |
| Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | ||||
| CVE-2023-38670 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | 4.7 Medium |
| Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service. | ||||
| CVE-2023-38665 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). | ||||
| CVE-2023-38322 | 1 Opennds | 1 Captive Portal | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3. | ||||
| CVE-2023-38321 | 1 Sierrawireless | 6 Aleos, Lx40, Lx60 and 3 more | 2024-11-21 | 7.5 High |
| OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. | ||||
| CVE-2023-38320 | 1 Opennds | 1 Captive Portal | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). This problem was fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3. | ||||
| CVE-2023-38315 | 1 Opennds | 1 Captive Portal | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3. | ||||
| CVE-2023-38314 | 1 Opennds | 1 Captive Portal | 2024-11-21 | 6.5 Medium |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3. | ||||
| CVE-2023-38313 | 1 Opennds | 1 Captive Portal | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3. | ||||
| CVE-2023-37732 | 1 Yasm Project | 1 Yasm | 2024-11-21 | 5.5 Medium |
| Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. | ||||