Total
2549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15219 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. | |||||
| CVE-2019-15216 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2023-11-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. | |||||
| CVE-2023-28466 | 3 Debian, Linux, Netapp | 7 Debian Linux, Linux Kernel, H300s and 4 more | 2023-11-09 | N/A | 7.0 HIGH |
| do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | |||||
| CVE-2023-46239 | 1 Quic-go Project | 1 Quic-go | 2023-11-09 | N/A | 7.5 HIGH |
| quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected. | |||||
| CVE-2021-46019 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | |||||
| CVE-2023-4385 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. | |||||
| CVE-2023-3355 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system. | |||||
| CVE-2023-3338 | 3 Debian, Linux, Netapp | 3 Debian Linux, Linux Kernel, Active Iq Unified Manager | 2023-11-07 | N/A | 6.5 MEDIUM |
| A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. | |||||
| CVE-2023-33307 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-11-07 | N/A | 6.5 MEDIUM |
| A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter. | |||||
| CVE-2023-33306 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-11-07 | N/A | 6.5 MEDIUM |
| A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter. | |||||
| CVE-2023-2908 | 1 Libtiff | 1 Libtiff | 2023-11-07 | N/A | 5.5 MEDIUM |
| A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. | |||||
| CVE-2023-2166 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. | |||||
| CVE-2023-29984 | 3 Brother, Fujifilm, Toshibatec | 432 Dcp-1610w, Dcp-1610w Firmware, Dcp-1610we and 429 more | 2023-11-07 | N/A | 7.5 HIGH |
| Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor. | |||||
| CVE-2023-27787 | 1 Broadcom | 1 Tcpreplay | 2023-11-07 | N/A | 7.5 HIGH |
| An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. | |||||
| CVE-2023-27786 | 1 Broadcom | 1 Tcpreplay | 2023-11-07 | N/A | 7.5 HIGH |
| An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. | |||||
| CVE-2023-27785 | 1 Broadcom | 1 Tcpreplay | 2023-11-07 | N/A | 7.5 HIGH |
| An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. | |||||
| CVE-2023-27784 | 1 Broadcom | 1 Tcpreplay | 2023-11-07 | N/A | 7.5 HIGH |
| An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. | |||||
| CVE-2023-26916 | 2 Cesnet, Fedoraproject | 2 Libyang, Fedora | 2023-11-07 | N/A | 5.3 MEDIUM |
| libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. | |||||
| CVE-2023-25947 | 1 Openharmony | 1 Openharmony | 2023-11-07 | N/A | 5.5 MEDIUM |
| The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package. | |||||
| CVE-2023-25672 | 1 Google | 1 Tensorflow | 2023-11-07 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||