Total
3737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46046 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files. | |||||
| CVE-2023-45935 | 2024-11-21 | N/A | 4.2 MEDIUM | ||
| Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server. | |||||
| CVE-2023-45931 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. | |||||
| CVE-2023-45925 | 2024-11-21 | N/A | N/A | ||
| GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails). | |||||
| CVE-2023-45924 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | |||||
| CVE-2023-45913 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. | |||||
| CVE-2023-45680 | 1 Nothings | 1 Stb Vorbis.c | 2024-11-21 | N/A | 5.3 MEDIUM |
| stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service. | |||||
| CVE-2023-45667 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | N/A | 5.3 MEDIUM |
| stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. | |||||
| CVE-2023-43898 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | N/A | 5.5 MEDIUM |
| Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | |||||
| CVE-2023-43522 | 1 Qualcomm | 572 Aqt1000, Aqt1000 Firmware, Ar8035 and 569 more | 2024-11-21 | N/A | 7.5 HIGH |
| Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL. | |||||
| CVE-2023-42754 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. | |||||
| CVE-2023-41909 | 3 Debian, Fedoraproject, Frrouting | 3 Debian Linux, Fedora, Frrouting | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. | |||||
| CVE-2023-41633 | 1 Catdoc Project | 1 Catdoc | 2024-11-21 | N/A | 5.5 MEDIUM |
| Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c. | |||||
| CVE-2023-41358 | 3 Debian, Fedoraproject, Frrouting | 3 Debian Linux, Fedora, Frrouting | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. | |||||
| CVE-2023-41274 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2023-41234 | 2024-11-21 | N/A | 5.0 MEDIUM | ||
| NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-40546 | 2 Fedoraproject, Redhat | 3 Fedora, Enterprise Linux, Shim | 2024-11-21 | N/A | 6.2 MEDIUM |
| A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances. | |||||
| CVE-2023-40459 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2024-11-21 | N/A | 7.5 HIGH |
| The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. | |||||
| CVE-2023-40360 | 1 Qemu | 1 Qemu | 2024-11-21 | N/A | 5.5 MEDIUM |
| QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. | |||||
| CVE-2023-3772 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. | |||||