
121 matches found

RedhatCVE
added 2025/05/23 3:55 a.m. · 7 views

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 6.7 · EPSS 0.00765
Exploits: 0

RedhatCVE
added 2025/05/23 12:47 a.m. · 8 views

CVE-2022-31077

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...

CVSS 5.7 · AI score 6.7 · EPSS 0.00761
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:52 p.m. · 10 views

CVE-2022-31076

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates...

CVSS 5.7 · AI score 6.4 · EPSS 0.00614
Exploits: 1 · References: 1

SUSE CVE
added 2024/12/12 7:8 a.m. · 1 view

SUSE CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

CVSS 5.4 · AI score 6.9 · EPSS 0.00377
Exploits: 0 · References: 3

OSV
added 2024/11/27 7:16 p.m. · 11 views

GO-2024-3284 PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb

PingCAP TiDB nil pointer dereference in github.com/pingcap/tidb. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an...

CVSS 5.4 · AI score 5.2 · EPSS 0.00377
Exploits: 0 · References: 5

OSV
added 2024/11/19 5:20 p.m. · 12 views

GO-2024-3277 Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes

Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes...

CVSS 7.7 · AI score 7.5 · EPSS 0.00598
Exploits: 0 · References: 7

OSV
added 2024/06/25 9:31 p.m. · 4 views

GHSA-9G6G-XQV5-8G5W PingCAP TiDB nil pointer dereference

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

CVSS 5.4 · AI score 5.3 · EPSS 0.00377
Exploits: 0 · References: 6

RedhatCVE
added 2024/06/25 8:51 p.m. · 16 views

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

CVSS 5.5 · AI score 7.1 · EPSS 0.00377
Exploits: 0 · References: 3

NVD
added 2024/06/25 7:15 p.m. · 9 views

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

CVSS 5.4 · EPSS 0.00377
Exploits: 0 · References: 2

Vulnrichment
added 2024/06/25 12:0 a.m. · 14 views

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

AI score 7.1 · EPSS 0.00377
Exploits: 0 · References: 2

Cvelist
added 2024/06/25 12:0 a.m. · 21 views

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

EPSS 0.00377
Exploits: 0 · References: 2

Tenable Nessus
added 2024/05/11 12:0 a.m. · 39 views

RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: arbitrary command execution via VCS path CVE-2018-7187 - golang: Command-line arguments may...

AI score 10 · EPSS 0.63229
Exploits: 13 · References: 37

Cvelist
added 2024/01/09 7:18 p.m. · 52 views

CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault

jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...

CVSS 4.3 · AI score 7.5 · EPSS 0.00864
Exploits: 1 · References: 4

OSV
added 2024/01/09 7:18 p.m. · 26 views

CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault

jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...

CVSS 4.3 · AI score 6.5 · EPSS 0.00864
Exploits: 1 · References: 6

CVE
added 2024/01/09 7:18 p.m. · 377 views

CVE-2024-21664

Technical details about CVE-2024-21664 are not publicly available in the provided connected documents. Monitor for updates; remediation in the initial description indicates patches in versions 2.0.19 and 1.2.28.

CVSS 7.5 · AI score 7.2 · EPSS 0.00864
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2024/01/09 4:18 p.m. · 44 views

Parsing JSON serialized payload without protected field can lead to segfault

Summary Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. Details This seems to also affect other functions that call Parse internally, like jws.Verify. My understanding of these functions from t...

CVSS 7.5 · AI score 7 · EPSS 0.00864
Exploits: 1 · References: 6 · Affected Software: 2

Positive Technologies
added 2024/01/09 12:0 a.m. · 5 views

PT-2024-19006 · Jwx · Jwx

Name of the Vulnerable Software and Affected Versions: jwx versions prior to 1.2.28 jwx versions prior to 2.0.19 Description: The issue arises when calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent, leading to a nil pointer dereference...

CVSS 7.5 · AI score 6.5 · EPSS 0.00864
Exploits: 1 · References: 11

NVD
added 2023/10/31 4:15 p.m. · 30 views

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 7.4 · EPSS 0.00765
Exploits: 0 · References: 3

Vulnrichment
added 2022/12/27 9:13 p.m. · 4 views

CVE-2021-4236 Panic or authentication bypass in github.com/ecnepsnai/web

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

AI score 9.7 · EPSS 0.01116
Exploits: 1 · References: 2

Vulnrichment
added 2022/06/27 8:10 p.m. · 9 views

CVE-2022-31077 Malicious response from KubeEdge can crash CSI Driver controller server

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...

CVSS 4 · AI score 4.7 · EPSS 0.00761
Exploits: 0 · References: 3