Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30687 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2023-30686 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2023-30681 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM |
|
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
|
|||||
| CVE-2023-30670 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2023-30669 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2023-30668 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2023-30666 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
|
|||||
| CVE-2023-30653 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
|
|||||
| CVE-2023-30652 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
|
|||||
| CVE-2023-30651 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
|
|||||
| CVE-2023-30650 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
|
|||||
| CVE-2023-30649 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30648 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
|
Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.
|
|||||
| CVE-2023-30647 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30646 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30645 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30644 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
|
|||||
| CVE-2023-30402 | 1 Yasm Project | 1 Yasm | 2024-11-21 | N/A | 5.5 MEDIUM |
|
YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
|
|||||
| CVE-2023-30187 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
|
|||||
| CVE-2023-2923 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-2911 | 4 Debian, Fedoraproject, Isc and 1 more | 14 Debian Linux, Fedora, Bind and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
|
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.
This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
|
|||||
| CVE-2023-2905 | 1 Cesanta | 1 Mongoose | 2024-11-21 | N/A | 8.8 HIGH |
|
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.
|
|||||
| CVE-2023-2873 | 2 Filseclab, Microsoft | 2 Twister Antivirus, Windows | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did n ...
Show More |
|||||
| CVE-2023-2798 | 1 Htmlunit | 1 Htmlunit | 2024-11-21 | N/A | 7.5 HIGH |
|
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.
|
|||||
| CVE-2023-2763 | 1 3ds | 1 3dexperience Solidworks | 2024-11-21 | N/A | 7.8 HIGH |
|
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.
|
|||||
| CVE-2023-2687 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 2.9 LOW |
|
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.
|
|||||
| CVE-2023-2575 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.
|
|||||
| CVE-2023-2569 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-11-21 | N/A | 7.8 HIGH |
|
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,
elevation of privilege, and potentially kernel execution when a malicious actor with local user
access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
|
|||||
| CVE-2023-2457 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | N/A | 8.8 HIGH |
|
Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)
|
|||||
| CVE-2023-2290 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2024-11-21 | N/A | 6.4 MEDIUM |
|
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
|
|||||
| CVE-2023-2262 | 1 Rockwellautomation | 66 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 63 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device.
|
|||||
| CVE-2023-2137 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-2134 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-2133 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-2124 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
|
|||||
| CVE-2023-2072 | 1 Rockwellautomation | 2 Powermonitor 1000, Powermonitor 1000 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.
|
|||||
| CVE-2023-29583 | 1 Yasm Project | 1 Yasm | 2024-11-21 | N/A | 5.5 MEDIUM |
|
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
|
|||||
| CVE-2023-29582 | 1 Yasm Project | 1 Yasm | 2024-11-21 | N/A | 5.5 MEDIUM |
|
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
|
|||||
| CVE-2023-29579 | 1 Yasm Project | 1 Yasm | 2024-11-21 | N/A | 5.5 MEDIUM |
|
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
|
|||||
| CVE-2023-29464 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | N/A | 8.2 HIGH |
|
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial proto ...
Show More |
|||||