U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): dereference
  • Search Type: Search All
There are 2,982 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2023-48416

In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: December 08, 2023; 11:15:18 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-48698

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: December 04, 2023; 8:15:09 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-48696

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: December 04, 2023; 8:15:08 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-48694

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: December 04, 2023; 8:15:08 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-49083

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

Published: November 29, 2023; 2:15:07 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-5972

A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.

Published: November 23, 2023; 1:15:07 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-41139

A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Published: November 22, 2023; 11:15:07 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-38322

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.

Published: November 17, 2023; 1:15:33 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

Published: November 17, 2023; 1:15:33 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-38315

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

Published: November 17, 2023; 1:15:33 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

Published: November 17, 2023; 1:15:33 AM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-38313

An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.

Published: November 17, 2023; 1:15:33 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

Published: November 16, 2023; 1:15:07 PM -0500
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2023-25071

NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access.

Published: November 14, 2023; 2:15:18 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-42879

NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.

Published: November 14, 2023; 2:15:13 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-39198

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

Published: November 09, 2023; 3:15:08 PM -0500
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2023-46728

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.

Published: November 06, 2023; 1:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-31026

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.

Published: November 02, 2023; 3:15:41 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-31023

NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.

Published: November 02, 2023; 3:15:41 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-31022

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

Published: November 02, 2023; 3:15:41 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)