Total
3900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50245 | 1 Afichet | 1 Openexr Viewer | 2024-11-21 | N/A | 9.8 CRITICAL |
|
OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions prior to 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1.
|
|||||
| CVE-2023-50096 | 1 St | 1 X-cube-safea1 | 2024-11-21 | N/A | 7.5 HIGH |
|
STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.
|
|||||
| CVE-2023-50044 | 1 Cesanta | 1 Mjs | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.
|
|||||
| CVE-2023-4590 | 1 Kimmov | 1 Frhed | 2024-11-21 | N/A | 7.3 HIGH |
|
Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.
|
|||||
| CVE-2023-4452 | 1 Moxa | 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.
|
|||||
| CVE-2023-4424 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 8.3 HIGH |
|
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
|
|||||
| CVE-2023-4397 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
|
|||||
| CVE-2023-4265 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Potential buffer overflow vulnerabilities in the following locations:
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359
https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841
|
|||||
| CVE-2023-4263 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 7.6 HIGH |
|
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
|
|||||
| CVE-2023-4259 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 7.1 HIGH |
|
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
|
|||||
| CVE-2023-4257 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 7.6 HIGH |
|
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
|
|||||
| CVE-2023-4055 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-11-21 | N/A | 7.5 HIGH |
|
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
|
|||||
| CVE-2023-4041 | 1 Silabs | 1 Gecko Bootloader | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.
|
|||||
| CVE-2023-4029 | 1 Lenovo | 52 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 49 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
|
|||||
| CVE-2023-4028 | 1 Lenovo | 58 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 55 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
|
|||||
| CVE-2023-49700 | 1 Asrmicro | 4 Asr1803, Asr1803 Firmware, Asr1806 and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large.
|
|||||
| CVE-2023-49468 | 1 Struktur | 1 Libde265 | 2024-11-21 | N/A | 8.8 HIGH |
|
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.
|
|||||
| CVE-2023-49287 | 1 Cxong | 1 Tinydir | 2024-11-21 | N/A | 7.7 HIGH |
|
TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.
|
|||||
| CVE-2023-48704 | 1 Clickhouse | 2 Clickhouse, Clickhouse Cloud | 2024-11-21 | N/A | 7.0 HIGH |
|
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickH ...
Show More |
|||||
| CVE-2023-47625 | 1 Dronecode | 1 Px4 Drone Autopilot | 2024-11-21 | N/A | 2.9 LOW |
|
PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC packet remotely and that packet goes into the device where the _rcs_buf reads. The global buffer overflow vulnerability will be triggered and the drone can behave unexpectedly. This issue has been addressed in version 1.1 ...
Show More |
|||||
| CVE-2023-47610 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2024-11-21 | N/A | 8.1 HIGH |
|
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
|
|||||
| CVE-2023-47471 | 1 Struktur | 1 Libde265 | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.
|
|||||
| CVE-2023-47347 | 1 Free5gc | 1 Free5gc | 2024-11-21 | N/A | 7.5 HIGH |
|
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.
|
|||||
| CVE-2023-47346 | 1 Free5gc | 3 Free5gc, Smf, Upf | 2024-11-21 | N/A | 7.5 HIGH |
|
Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages.
|
|||||
| CVE-2023-47345 | 1 Free5gc | 1 Free5gc | 2024-11-21 | N/A | 7.5 HIGH |
|
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.
|
|||||
| CVE-2023-47307 | 1 Szlbt | 2 Lbt-t300-t310, Lbt-t300-t310 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter.
|
|||||
| CVE-2023-47217 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 4.0 MEDIUM |
|
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow.
|
|||||
| CVE-2023-46960 | 2024-11-21 | N/A | 8.6 HIGH | ||
|
Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote attacker to cause a denial of service via the handle function in the tftp module.
|
|||||
| CVE-2023-46852 | 1 Memcached | 1 Memcached | 2024-11-21 | N/A | 7.5 HIGH |
|
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.
|
|||||
| CVE-2023-46847 | 2 Redhat, Squid-cache | 10 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 7 more | 2024-11-21 | N/A | 8.6 HIGH |
|
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
|
|||||
| CVE-2023-46587 | 1 Xnview | 1 Xnview | 2024-11-21 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
|
|||||
| CVE-2023-46566 | 2024-11-21 | N/A | 7.5 HIGH | ||
|
Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.
|
|||||
| CVE-2023-46565 | 2024-11-21 | N/A | 7.5 HIGH | ||
|
Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.
|
|||||
| CVE-2023-46363 | 1 Jbig2enc Project | 1 Jbig2enc | 2024-11-21 | N/A | 5.5 MEDIUM |
|
jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.
|
|||||
| CVE-2023-46284 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Upda ...
Show More |
|||||
| CVE-2023-46283 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Upda ...
Show More |
|||||
| CVE-2023-46256 | 1 Dronecode | 1 Px4 Drone Autopilot | 2024-11-21 | N/A | 4.4 MEDIUM |
|
PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized ...
Show More |
|||||
| CVE-2023-46001 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.
|
|||||
| CVE-2023-45797 | 1 Dreamsecurity | 1 Magicline 4.0 | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.
|
|||||
| CVE-2023-45616 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-11-21 | N/A | 9.8 CRITICAL |
|
There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
|
|||||