Vulnerabilities (CVE)

Filtered by CWE-119
Total 11612 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-34333 1 Ami 1 Megarac Sp-x 2024-11-21 N/A 7.8 HIGH
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
CVE-2023-34332 1 Ami 1 Megarac Sp-x 2024-11-21 N/A 7.8 HIGH
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
CVE-2023-34321 1 Xen 1 Xen 2024-11-21 N/A 3.3 LOW
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result to skip the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory.
CVE-2023-34087 1 Tonybybell 1 Gtkwave 2024-11-21 N/A 7.8 HIGH
An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
CVE-2023-33867 1 Intel 2 Realsense 450 Fa, Realsense 450 Fa Firmware 2024-11-21 N/A 4.4 MEDIUM
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-33106 1 Qualcomm 306 Ar8035, Ar8035 Firmware, Csra6620 and 303 more 2024-11-21 N/A 8.4 HIGH
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
CVE-2023-33092 1 Qualcomm 190 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 187 more 2024-11-21 N/A 8.4 HIGH
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.
CVE-2023-33079 1 Qualcomm 288 Apq5053-aa, Apq5053-aa Firmware, Ar8035 and 285 more 2024-11-21 N/A 7.8 HIGH
Memory corruption in Audio while running invalid audio recording from ADSP.
CVE-2023-32887 1 Mediatek 38 Mt2735, Mt6813, Mt6833 and 35 more 2024-11-21 N/A 7.5 HIGH
In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892).
CVE-2023-32885 2 Google, Mediatek 32 Android, Mt6761, Mt6765 and 29 more 2024-11-21 N/A 6.7 MEDIUM
In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685.
CVE-2023-32884 2 Google, Mediatek 60 Android, Mt2713, Mt6580 and 57 more 2024-11-21 N/A 6.7 MEDIUM
In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.
CVE-2023-32656 1 Intel 2 Realsense 450 Fa, Realsense 450 Fa Firmware 2024-11-21 N/A 5.3 MEDIUM
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32331 2024-11-21 N/A 7.5 HIGH
IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
CVE-2023-32270 1 Fujielectric 2 Tellus, Tellus Lite 2024-11-21 N/A 7.8 HIGH
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
CVE-2023-30431 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2024-11-21 N/A 8.4 HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.
CVE-2023-30088 1 Cesanta 1 Mjs 2024-11-21 N/A 5.5 MEDIUM
An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.
CVE-2023-2970 1 Mindspore 1 Mindspore 2024-11-21 2.7 LOW 3.5 LOW
A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.
CVE-2023-2794 2024-11-21 N/A 8.1 HIGH
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().
CVE-2023-29932 1 Llvm 1 Llvm 2024-11-21 N/A 5.5 MEDIUM
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.
CVE-2023-29420 1 Bzip3 Project 1 Bzip3 2024-11-21 N/A 6.5 MEDIUM
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block.