Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49285 | 1 Squid-cache | 1 Squid | 2024-11-21 | N/A | 8.6 HIGH |
|
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-49127 | 1 Siemens | 1 Solid Edge Se2023 | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
|
|||||
| CVE-2023-49126 | 1 Siemens | 1 Solid Edge Se2023 | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
|
|||||
| CVE-2023-49125 | 1 Siemens | 3 Parasolid, Solid Edge Se2023, Solid Edge Se2024 | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the cu ...
Show More |
|||||
| CVE-2023-49124 | 1 Siemens | 1 Solid Edge Se2023 | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
|
|||||
| CVE-2023-49118 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 2.9 LOW |
|
in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.
|
|||||
| CVE-2023-49100 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
|
Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the conte ...
Show More |
|||||
| CVE-2023-48736 | 1 Color | 1 Demoiccmax | 2024-11-21 | N/A | 6.5 MEDIUM |
|
In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read.
|
|||||
| CVE-2023-48638 | 1 Adobe | 1 Substance 3d Designer | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-48637 | 1 Adobe | 1 Substance 3d Designer | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-48636 | 1 Adobe | 1 Substance 3d Designer | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-48635 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-48422 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48415 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48413 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.9 MEDIUM |
|
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48411 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48410 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48408 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48404 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48401 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48399 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48398 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48397 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.9 MEDIUM |
|
In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-48025 | 1 Howerj | 1 Liblisp | 2024-11-21 | N/A | 8.1 HIGH |
|
Liblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c
|
|||||
| CVE-2023-47585 | 1 Fujielectric | 1 V-server | 2024-11-21 | N/A | 7.8 HIGH |
|
Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
|
|||||
| CVE-2023-47583 | 1 Fujielectric | 1 Tellus | 2024-11-21 | N/A | 7.8 HIGH |
|
Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be executed.
|
|||||
| CVE-2023-47581 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-11-21 | N/A | 7.8 HIGH |
|
Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed.
|
|||||
| CVE-2023-47456 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.
|
|||||
| CVE-2023-47264 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (forme ...
Show More |
|||||
| CVE-2023-47081 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47080 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47079 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47078 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47077 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47074 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47071 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47069 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47068 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47067 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-47066 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||