Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6992 | 1 Cloudflare | 1 Zlib | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc ...
Show More |
|||||
| CVE-2023-6888 | 1 Phz76 | 1 Rtspserver | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-6873 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-11-21 | N/A | 8.8 HIGH |
|
Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.
|
|||||
| CVE-2023-6864 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
|
|||||
| CVE-2023-6861 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
|
|||||
| CVE-2023-6856 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
|
|||||
| CVE-2023-6779 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2024-11-21 | N/A | 8.2 HIGH |
|
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
|
|||||
| CVE-2023-6387 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 7.5 HIGH |
|
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution
|
|||||
| CVE-2023-6314 | 1 Panasonic | 1 Fpwin Pro | 2024-11-21 | N/A | 7.8 HIGH |
|
Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
|
|||||
| CVE-2023-6246 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2024-11-21 | N/A | 8.4 HIGH |
|
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
|
|||||
| CVE-2023-6234 | 1 Canon | 58 I-sensys Lbp673cdw, I-sensys Lbp673cdw Firmware, I-sensys Mf752cdw and 55 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSY ...
Show More |
|||||
| CVE-2023-6233 | 1 Canon | 58 I-sensys Lbp673cdw, I-sensys Lbp673cdw Firmware, I-sensys Mf752cdw and 55 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw ...
Show More |
|||||
| CVE-2023-6232 | 1 Canon | 58 I-sensys Lbp673cdw, I-sensys Lbp673cdw Firmware, I-sensys Mf752cdw and 55 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v ...
Show More |
|||||
| CVE-2023-6231 | 1 Canon | 58 I-sensys Lbp673cdw, I-sensys Lbp673cdw Firmware, I-sensys Mf752cdw and 55 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C13 ...
Show More |
|||||
| CVE-2023-6230 | 1 Canon | 58 I-sensys Lbp673cdw, I-sensys Lbp673cdw Firmware, I-sensys Mf752cdw and 55 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v ...
Show More |
|||||
| CVE-2023-6229 | 1 Canon | 58 I-sensys Lbp673cdw, I-sensys Lbp673cdw Firmware, I-sensys Mf752cdw and 55 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP6 ...
Show More |
|||||
| CVE-2023-6228 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A | 3.3 LOW |
|
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
|
|||||
| CVE-2023-6213 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 8.8 HIGH |
|
Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.
|
|||||
| CVE-2023-6212 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
|
|||||
| CVE-2023-6178 | 1 Tenable | 1 Nessus | 2024-11-21 | N/A | 6.8 MEDIUM |
|
An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.
|
|||||
| CVE-2023-6062 | 1 Tenable | 1 Nessus | 2024-11-21 | N/A | 6.8 MEDIUM |
|
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.
|
|||||
| CVE-2023-5944 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | N/A | 7.8 HIGH |
|
Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file.
|
|||||
| CVE-2023-5941 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. ...
Show More |
|||||
| CVE-2023-5912 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
|
A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables.
|
|||||
| CVE-2023-5731 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.
|
|||||
| CVE-2023-5730 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
|
|||||
| CVE-2023-5686 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | N/A | 8.8 HIGH |
|
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
|
|||||
| CVE-2023-5593 | 1 Zyxel | 1 Secuextender Ssl Vpn | 2024-11-21 | N/A | 7.8 HIGH |
|
The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message.
|
|||||
| CVE-2023-5568 | 1 Samba | 1 Samba | 2024-11-21 | N/A | 5.9 MEDIUM |
|
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
|
|||||
| CVE-2023-5406 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
|
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.
|
|||||
| CVE-2023-5405 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
|
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
|
|||||
| CVE-2023-5180 | 1 Opendesign | 1 Drawings Sdk | 2024-11-21 | N/A | 7.8 HIGH |
|
An issue was discovered in Open Design Alliance
Drawings SDK before 2024.12. A corrupted value of number
of sectors used by the Fat structure in a crafted DGN file leads to an
out-of-bounds write. An attacker can leverage this vulnerability to execute
code in the context of the current process.
|
|||||
| CVE-2023-5169 | 3 Debian, Fedoraproject, Mozilla | 5 Debian Linux, Fedora, Firefox and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
|
|||||
| CVE-2023-5131 | 1 Deltaww | 1 Ispsoft | 2024-11-21 | 7.3 HIGH | 8.2 HIGH |
|
A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
|
|||||
| CVE-2023-5068 | 1 Deltaww | 1 Diascreen | 2024-11-21 | N/A | 7.8 HIGH |
|
Delta Electronics DIAScreen may write past the end of an allocated
buffer while parsing a specially crafted input file. This could allow an
attacker to execute code in the context of the current process.
|
|||||
| CVE-2023-5055 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 8.3 HIGH |
|
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.
|
|||||
| CVE-2023-52309 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | N/A | 8.2 HIGH |
|
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
|
|||||
| CVE-2023-52307 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | N/A | 8.2 HIGH |
|
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
|
|||||
| CVE-2023-52304 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | N/A | 8.2 HIGH |
|
Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
|
|||||
| CVE-2023-52277 | 1 Royalapps | 1 Royaltsx | 2024-11-21 | N/A | 7.8 HIGH |
|
Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection.
|
|||||