Total: 4519 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24825 | 1 Riot-os | 1 Riot | 2025-01-10 | 7.5 High |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds. | ||||
| CVE-2023-33973 | 1 Riot-os | 1 Riot | 2025-01-10 | 7.5 High |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds. | ||||
| CVE-2023-49275 | 1 Wazuh | 1 Wazuh | 2025-01-09 | 6.5 Medium |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis engine. This vulnerability is fixed in 4.7.1. | ||||
| CVE-2023-33461 | 1 Ndevilla | 1 Iniparser | 2025-01-09 | 5.5 Medium |
| iniparser v4.1 is vulnerable to a NULL pointer dereference in the function iniparser_getlongint, which does not check the return value of iniparser_getstring for NULL. | ||||
| CVE-2023-3012 | 1 Gpac | 1 Gpac | 2025-01-09 | 7.8 High |
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | ||||
| CVE-2023-29539 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Focus and 6 more | 2025-01-09 | 8.8 High |
| When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | ||||
| CVE-2022-48445 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | 5.9 Medium |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2022-48444 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | 5.9 Medium |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2022-48443 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | 5.9 Medium |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2022-48442 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | 6.2 Medium |
| In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2023-33121 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-01-03 | 3.3 Low |
| A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition. | ||||
| CVE-2024-56318 | | | 2025-01-02 | 7.5 High |
| In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service. | ||||
| CVE-2024-23808 | 1 Openatom | 1 Openharmony | 2025-01-02 | 5.2 Medium |
| OpenHarmony v4.0.0 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through a use after free, or to cause DoS through a NULL pointer dereference. | ||||
| CVE-2024-31078 | 1 Openatom | 1 Openharmony | 2025-01-02 | 3.3 Low |
| OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a service crash through a NULL pointer dereference. | ||||
| CVE-2023-32084 | 1 Microsoft | 5 Windows 10 1809, Windows 11 21h2, Windows 11 22h2 and 2 more | 2025-01-01 | 7.5 High |
| HTTP.sys Denial of Service Vulnerability | ||||
| CVE-2023-35338 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 7.5 High |
| Windows Peer Name Resolution Protocol Denial of Service Vulnerability | ||||
| CVE-2023-24910 | 1 Microsoft | 15 365, Office, Office Long Term Servicing Channel and 12 more | 2025-01-01 | 7.8 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2023-24859 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 7.5 High |
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | ||||
| CVE-2023-21700 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | 7.5 High |
| Windows iSCSI Discovery Service Denial of Service Vulnerability | ||||
| CVE-2023-21758 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-01-01 | 7.5 High |
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | ||||