Total: 3482 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37188 | 1 C-blosc2 Project | 1 C-blosc2 | 2024-08-02 | 7.5 High |
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. | ||||
CVE-2023-37187 | 1 C-blosc2 Project | 1 C-blosc2 | 2024-08-02 | 7.5 High |
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_acc_decompress at zfp/blosc2-zfp.c. | ||||
CVE-2023-36709 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-08-02 | 7.5 High |
Microsoft AllJoyn API Denial of Service Vulnerability | ||||
CVE-2023-36602 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 7.5 High |
Windows TCP/IP Denial of Service Vulnerability | ||||
CVE-2023-35338 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 7.5 High |
Windows Peer Name Resolution Protocol Denial of Service Vulnerability | ||||
CVE-2023-34323 | 1 Xen | 1 Xen | 2024-08-02 | 5.5 Medium |
When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default). | ||||
CVE-2023-34164 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability. | ||||
CVE-2023-33973 | 1 Riot-os | 1 Riot | 2024-08-02 | 7.5 High |
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds. | ||||
CVE-2023-33461 | 1 Ndevilla | 1 Iniparser | 2024-08-02 | 5.5 Medium |
iniparser v4.1 is vulnerable to a NULL pointer dereference in the function iniparser_getlongint, which does not check the return value of iniparser_getstring for NULL. | ||||
CVE-2023-33121 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-08-02 | 3.3 Low |
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | ||||
CVE-2023-33089 | 1 Qualcomm | 456 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 453 more | 2024-08-02 | 7.5 High |
Transient DOS when processing a NULL buffer while parsing WLAN vdev. | ||||
CVE-2023-33109 | 1 Qualcomm | 620 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 617 more | 2024-08-02 | 7.5 High |
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | ||||
CVE-2023-33088 | 1 Qualcomm | 612 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 609 more | 2024-08-02 | 8.4 High |
Memory corruption when processing cmd parameters while parsing vdev. | ||||
CVE-2023-33056 | 1 Qualcomm | 232 Ar8035, Ar8035 Firmware, Csr8811 and 229 more | 2024-08-02 | 7.5 High |
Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. | ||||
CVE-2023-32248 | 3 Linux, Netapp, Redhat | 7 Linux Kernel, H300s, H410c and 4 more | 2024-08-02 | 7.5 High |
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | ||||
CVE-2023-32171 | 1 Unified-automation | 1 Uagateway | 2024-08-02 | N/A |
Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportCsv method. A crafted XML payload can cause a null pointer dereference. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20495. | ||||
CVE-2023-32084 | 1 Microsoft | 7 Windows 10 1809, Windows 11 21h2, Windows 11 21h2 and 4 more | 2024-08-02 | 7.5 High |
HTTP.sys Denial of Service Vulnerability | ||||
CVE-2023-32008 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-08-02 | 7.8 High |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | ||||
CVE-2023-31083 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-02 | 4.7 Medium |
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. | ||||
CVE-2023-31129 | 1 Contiki-ng | 1 Contiki-ng | 2024-08-02 | 7.5 High |
The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state. For RS messages with an SLLAO that indicates a link-layer address change, the message handler does not check that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`. The problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly. |