Total
4231 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4875 | 3 Debian, Mutt, Redhat | 3 Debian Linux, Mutt, Enterprise Linux | 2024-11-21 | 2.2 Low |
| Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | ||||
| CVE-2023-4874 | 3 Debian, Mutt, Redhat | 3 Debian Linux, Mutt, Enterprise Linux | 2024-11-21 | 4.3 Medium |
| Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | ||||
| CVE-2023-4683 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
| CVE-2023-4681 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
| CVE-2023-49936 | 1 Schedmd | 1 Slurm | 2024-11-21 | 7.5 High |
| An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. | ||||
| CVE-2023-48697 | 1 Microsoft | 1 Azure Rtos Usbx | 2024-11-21 | 6.4 Medium |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48416 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-48364 | 1 Siemens | 6 Openpcs 7, Simatic Batch, Simatic Pcs 7 and 3 more | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. | ||||
| CVE-2023-48363 | 1 Siemens | 6 Openpcs 7, Simatic Batch, Simatic Pcs 7 and 3 more | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain unorganized RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. | ||||
| CVE-2023-48183 | 2024-11-21 | 7.5 High | ||
| QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval. | ||||
| CVE-2023-47003 | 1 Redislabs | 1 Redisgraph | 2024-11-21 | 9.8 Critical |
| An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | ||||
| CVE-2023-46867 | 1 Color | 1 Demoiccmax | 2024-11-21 | 6.5 Medium |
| In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference. | ||||
| CVE-2023-46862 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 4.7 Medium |
| An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. | ||||
| CVE-2023-46427 | 1 Gpac | 1 Gpac | 2024-11-21 | 9.8 Critical |
| An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in media_tools/dash_client.c. | ||||
| CVE-2023-46345 | 1 Fossies | 1 Catdoc | 2024-11-21 | 7.5 High |
| Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c. | ||||
| CVE-2023-46239 | 1 Quic-go Project | 1 Quic-go | 2024-11-21 | 7.5 High |
| quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected. | ||||
| CVE-2023-46049 | 2024-11-21 | 5.3 Medium | ||
| LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem. | ||||
| CVE-2023-46048 | 2024-11-21 | 6.2 Medium | ||
| Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem. | ||||
| CVE-2023-46046 | 2024-11-21 | 5.5 Medium | ||
| An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files. | ||||
| CVE-2023-45935 | 2024-11-21 | 4.2 Medium | ||
| Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server. | ||||