Total
3815 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25560 | 2024-11-21 | N/A | 7.5 HIGH | ||
| When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-24864 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
| A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write()Â function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | |||||
| CVE-2024-24856 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return exception code AE_NO_MEMORY. | |||||
| CVE-2024-24855 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.0 MEDIUM |
| A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | |||||
| CVE-2024-24783 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. | |||||
| CVE-2024-24194 | 2024-11-21 | N/A | 7.5 HIGH | ||
| robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c. | |||||
| CVE-2024-23801 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | N/A | 3.3 LOW |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
| CVE-2024-23800 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | N/A | 3.3 LOW |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
| CVE-2024-23799 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | N/A | 3.3 LOW |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
| CVE-2024-23441 | 2 Anti-virus, Microsoft | 2 Vba32, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
| Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. | |||||
| CVE-2024-23327 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | N/A | 7.5 HIGH |
| Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-23196 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
| A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | |||||
| CVE-2024-23083 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | |||||
| CVE-2024-23080 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | |||||
| CVE-2024-23078 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | |||||
| CVE-2024-22386 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
| A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | |||||
| CVE-2024-22052 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | N/A | 7.5 HIGH |
| A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack | |||||
| CVE-2024-22043 | 1 Siemens | 1 Parasolid | 2024-11-21 | N/A | 3.3 LOW |
| A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
| CVE-2024-22023 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-21 | N/A | 5.3 MEDIUM |
| An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. | |||||
| CVE-2024-21664 | 1 Lestrrat-go | 1 Jwx | 2024-11-21 | N/A | 4.3 MEDIUM |
| jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in versions 2.0.19 and 1.2.28. | |||||