Total: 3515 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25454 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.5 Medium |
Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. | ||||
CVE-2024-25453 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.5 Medium |
Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. | ||||
CVE-2024-25260 | | | 2024-11-21 | 4.0 Medium |
elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. | ||||
CVE-2024-25197 | | | 2024-11-21 | 6.5 Medium |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp. | ||||
CVE-2024-24991 | | | 2024-11-21 | N/A |
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | ||||
CVE-2024-24989 | | | 2024-11-21 | 7.5 High |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3: https://nginx.org/en/docs/quic.html. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2024-24864 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.3 Medium |
A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | ||||
CVE-2024-24860 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.6 Medium |
A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | ||||
CVE-2024-24856 | | | 2024-11-21 | 5.3 Medium |
The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return exception code AE_NO_MEMORY. | ||||
CVE-2024-24855 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5 Medium |
A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | ||||
CVE-2024-24783 | 1 Redhat | 21 Advanced Cluster Security, Ansible Automation Platform, Cryostat and 18 more | 2024-11-21 | 5.9 Medium |
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. | ||||
CVE-2024-24775 | | | 2024-11-21 | 7.5 High |
When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2024-24194 | | | 2024-11-21 | 7.5 High |
robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c. | ||||
CVE-2024-23808 | | | 2024-11-21 | 5.2 Medium |
In OpenHarmony v4.0.0 and prior versions, a local attacker can achieve arbitrary code execution in pre-installed apps through a use after free, or cause DoS through a NULL pointer dereference. | ||||
CVE-2024-23801 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | 3.3 Low |
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | ||||
CVE-2024-23800 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | 3.3 Low |
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | ||||
CVE-2024-23799 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | 3.3 Low |
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | ||||
CVE-2024-23722 | | | 2024-11-21 | 7.5 High |
In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly. | ||||
CVE-2024-23441 | 2 Anti-virus, Microsoft | 2 Vba32, Windows | 2024-11-21 | 5.5 Medium |
Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. | ||||
CVE-2024-23327 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 High |
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. |