Total
2590 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43542 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. | |||||
| CVE-2023-43540 | 2024-11-21 | N/A | 8.4 HIGH | ||
| Memory corruption while processing the IOCTL FM HCI WRITE request. | |||||
| CVE-2023-43538 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization. | |||||
| CVE-2023-43526 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. | |||||
| CVE-2023-43525 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Memory corruption while copying the sound model data from user to kernel buffer during sound model register. | |||||
| CVE-2023-43524 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Memory corruption when the bandpass filter order received from AHAL is not within the expected range. | |||||
| CVE-2023-43519 | 1 Qualcomm | 268 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 265 more | 2024-11-21 | N/A | 7.3 HIGH |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. | |||||
| CVE-2023-43515 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
| Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled. | |||||
| CVE-2023-43314 | 1 Zyxel | 2 Pmg2005-t20b, Pmg2005-t20b Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid. | |||||
| CVE-2023-43250 | 1 Xnview | 1 Nconvert | 2024-11-21 | N/A | 7.8 HIGH |
| XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | |||||
| CVE-2023-43131 | 1 Maxiguvenlik | 1 General Device Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
| General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow. | |||||
| CVE-2023-42801 | 1 Moonlight-stream | 8 Moonlight, Moonlight-common-c, Moonlight Embedded and 5 more | 2024-11-21 | N/A | 7.6 HIGH |
| Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client. Achieving RCE is possible but unlikely, due to stack canaries in use by modern compiler toolchains. The published binaries for official clients Qt, Android, iOS/tvOS, and Embedded are built with stack canaries, but some unofficial clients may not use stack canaries. This vulnerability takes place after the pairing process, so it requires the client to be tricked into pairing to a malicious host. It is not possible to perform using a man-in-the-middle due to public key pinning that takes place during the pairing process. The bug was addressed in commit b2497a3918a6d79808d9fd0c04734786e70d5954. | |||||
| CVE-2023-42800 | 1 Moonlight-stream | 7 Moonlight, Moonlight-common-c, Moonlight Embedded and 4 more | 2024-11-21 | N/A | 8.8 HIGH |
| Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0. | |||||
| CVE-2023-42799 | 1 Moonlight-stream | 7 Moonlight, Moonlight-common-c, Moonlight Embedded and 4 more | 2024-11-21 | N/A | 8.8 HIGH |
| Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 02b7742f4d19631024bd766bd2bb76715780004e. | |||||
| CVE-2023-42320 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function. | |||||
| CVE-2023-42299 | 1 Openimageio | 1 Openimageio | 2024-11-21 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. | |||||
| CVE-2023-42278 | 1 Hutool | 1 Hutool | 2024-11-21 | N/A | 7.5 HIGH |
| hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). | |||||
| CVE-2023-42277 | 1 Hutool | 1 Hutool | 2024-11-21 | N/A | 9.8 CRITICAL |
| hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. | |||||
| CVE-2023-42276 | 1 Hutool | 1 Hutool | 2024-11-21 | N/A | 9.8 CRITICAL |
| hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | |||||
| CVE-2023-41913 | 1 Strongswan | 1 Strongswan | 2024-11-21 | N/A | 9.8 CRITICAL |
| strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. | |||||