Total
2549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3407 | 1 Cisco | 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more | 2023-05-23 | 7.1 HIGH | 8.6 HIGH |
| A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2019-12654 | 1 Cisco | 17 1000 Integrated Services Router, 1100 Integrated Services Router, 4000 Integrated Services Router and 14 more | 2023-05-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. | |||||
| CVE-2022-27497 | 1 Intel | 1 Active Management Technology Firmware | 2023-05-22 | N/A | 7.5 HIGH |
| Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2014-5077 | 4 Canonical, Linux, Redhat and 1 more | 8 Ubuntu Linux, Linux Kernel, Enterprise Linux Eus and 5 more | 2023-05-19 | 7.1 HIGH | N/A |
| The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. | |||||
| CVE-2022-2850 | 4 Debian, Fedoraproject, Port389 and 1 more | 5 Debian Linux, Fedora, 389-ds-base and 2 more | 2023-05-18 | N/A | 6.5 MEDIUM |
| A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | |||||
| CVE-2023-23108 | 1 Crasm Project | 1 Crasm | 2023-05-18 | N/A | 7.5 HIGH |
| In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. | |||||
| CVE-2023-26463 | 1 Strongswan | 1 Strongswan | 2023-05-17 | N/A | 9.8 CRITICAL |
| strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. | |||||
| CVE-2023-31129 | 1 Contiki-ng | 1 Contiki-ng | 2023-05-15 | N/A | 9.8 CRITICAL |
| The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state. The message handler does not check for RS messages with an SLLAO that indicates a link-layer address change that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`. The problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly. | |||||
| CVE-2022-34675 | 3 Citrix, Nvidia, Redhat | 9 Hypervisor, Cloud Gaming, Geforce and 6 more | 2023-05-11 | N/A | 5.5 MEDIUM |
| NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-48231 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 5.5 MEDIUM |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2022-48241 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-05-11 | N/A | 5.5 MEDIUM |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2023-29996 | 1 Emqx | 1 Nanomq | 2023-05-10 | N/A | 7.5 HIGH |
| In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. | |||||
| CVE-2023-0458 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-05-09 | N/A | 4.7 MEDIUM |
| A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 | |||||
| CVE-2022-3116 | 1 Heimdal Project | 1 Heimdal | 2023-05-05 | N/A | 7.5 HIGH |
| The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. | |||||
| CVE-2021-32269 | 1 Gpac | 1 Gpac | 2023-05-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2020-23930 | 1 Gpac | 1 Gpac | 2023-05-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32270 | 1 Gpac | 1 Gpac | 2023-05-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2023-24822 | 1 Riot-os | 1 Riot | 2023-05-03 | N/A | 7.5 HIGH |
| RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. | |||||
| CVE-2022-24249 | 1 Gpac | 1 Gpac | 2023-05-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. | |||||
| CVE-2023-24818 | 1 Riot-os | 1 Riot | 2023-05-03 | N/A | 7.5 HIGH |
| RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | |||||