Total
11612 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-34333 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 7.8 HIGH |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
CVE-2023-34332 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 7.8 HIGH |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
CVE-2023-34321 | 1 Xen | 1 Xen | 2024-11-21 | N/A | 3.3 LOW |
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory. | |||||
CVE-2023-34087 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | |||||
CVE-2023-33867 | 1 Intel | 2 Realsense 450 Fa, Realsense 450 Fa Firmware | 2024-11-21 | N/A | 4.4 MEDIUM |
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-33106 | 1 Qualcomm | 306 Ar8035, Ar8035 Firmware, Csra6620 and 303 more | 2024-11-21 | N/A | 8.4 HIGH |
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | |||||
CVE-2023-33092 | 1 Qualcomm | 190 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 187 more | 2024-11-21 | N/A | 8.4 HIGH |
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. | |||||
CVE-2023-33079 | 1 Qualcomm | 288 Apq5053-aa, Apq5053-aa Firmware, Ar8035 and 285 more | 2024-11-21 | N/A | 7.8 HIGH |
Memory corruption in Audio while running invalid audio recording from ADSP. | |||||
CVE-2023-32887 | 1 Mediatek | 38 Mt2735, Mt6813, Mt6833 and 35 more | 2024-11-21 | N/A | 7.5 HIGH |
In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). | |||||
CVE-2023-32885 | 2 Google, Mediatek | 32 Android, Mt6761, Mt6765 and 29 more | 2024-11-21 | N/A | 6.7 MEDIUM |
In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685. | |||||
CVE-2023-32884 | 2 Google, Mediatek | 60 Android, Mt2713, Mt6580 and 57 more | 2024-11-21 | N/A | 6.7 MEDIUM |
In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011. | |||||
CVE-2023-32656 | 1 Intel | 2 Realsense 450 Fa, Realsense 450 Fa Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32331 | 2024-11-21 | N/A | 7.5 HIGH | ||
IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979. | |||||
CVE-2023-32270 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-11-21 | N/A | 7.8 HIGH |
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | |||||
CVE-2023-30431 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | N/A | 8.4 HIGH |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184. | |||||
CVE-2023-30088 | 1 Cesanta | 1 Mjs | 2024-11-21 | N/A | 5.5 MEDIUM |
An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. | |||||
CVE-2023-2970 | 1 Mindspore | 1 Mindspore | 2024-11-21 | 2.7 LOW | 3.5 LOW |
A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176. | |||||
CVE-2023-2794 | 2024-11-21 | N/A | 8.1 HIGH | ||
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver(). | |||||
CVE-2023-29932 | 1 Llvm | 1 Llvm | 2024-11-21 | N/A | 5.5 MEDIUM |
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. | |||||
CVE-2023-29420 | 1 Bzip3 Project | 1 Bzip3 | 2024-11-21 | N/A | 6.5 MEDIUM |
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block. |