Total
3482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26917 | 1 Cesnet | 1 Libyang | 2024-08-02 | 7.5 High |
| libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. | ||||
| CVE-2023-26463 | 1 Strongswan | 1 Strongswan | 2024-08-02 | 9.8 Critical |
| strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. | ||||
| CVE-2023-25674 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1. | ||||
| CVE-2023-25660 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1. | ||||
| CVE-2023-25663 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1. | ||||
| CVE-2023-25665 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1. | ||||
| CVE-2023-25676 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1. | ||||
| CVE-2023-25672 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | ||||
| CVE-2023-25670 | 1 Google | 1 Tensorflow | 2024-08-02 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | ||||
| CVE-2023-25510 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2024-08-02 | 3.3 Low |
| NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. | ||||
| CVE-2023-23005 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2024-08-02 | 5.5 Medium |
| In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. | ||||
| CVE-2023-24910 | 1 Microsoft | 24 365, Office, Office Long Term Servicing Channel and 21 more | 2024-08-02 | 7.8 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2023-24938 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2024-08-02 | 6.5 Medium |
| Windows CryptoAPI Denial of Service Vulnerability | ||||
| CVE-2023-24859 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-08-02 | 7.5 High |
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | ||||
| CVE-2023-24818 | 1 Riot-os | 1 Riot | 2024-08-02 | 7.5 High |
| RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | ||||
| CVE-2023-24832 | 1 Facebook | 1 Hermes | 2024-08-02 | 7.5 High |
| A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | ||||
| CVE-2023-24847 | 1 Qualcomm | 514 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 511 more | 2024-08-02 | 7.5 High |
| Transient DOS in Modem while allocating DSM items. | ||||
| CVE-2023-24825 | 1 Riot-os | 1 Riot | 2024-08-02 | 7.5 High |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds. | ||||
| CVE-2023-24822 | 1 Riot-os | 1 Riot | 2024-08-02 | 7.5 High |
| RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. | ||||
| CVE-2023-24757 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-08-02 | 5.5 Medium |
| libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | ||||