Total
2430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3494 | 1 Freebsd | 1 Freebsd | 2024-02-28 | N/A | 8.8 HIGH |
The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. | |||||
CVE-2023-28209 | 1 Apple | 1 Macos | 2024-02-28 | N/A | 7.8 HIGH |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | |||||
CVE-2023-39745 | 1 Tp-link | 6 Tl-wr841n V8, Tl-wr841n V8 Firmware, Tl-wr940n V2 and 3 more | 2024-02-28 | N/A | 7.5 HIGH |
TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
CVE-2023-4263 | 1 Zephyrproject | 1 Zephyr | 2024-02-28 | N/A | 8.8 HIGH |
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver | |||||
CVE-2023-35802 | 1 Extremenetworks | 29 Ap1130, Ap122, Ap130 and 26 more | 2024-02-28 | N/A | 9.8 CRITICAL |
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit. | |||||
CVE-2020-24292 | 1 Freeimage Project | 1 Freeimage | 2024-02-28 | N/A | 8.8 HIGH |
Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file. | |||||
CVE-2023-31431 | 1 Broadcom | 1 Brocade Fabric Operating System | 2024-02-28 | N/A | 5.5 MEDIUM |
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service. | |||||
CVE-2023-36481 | 1 Samsung | 26 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 23 more | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop. | |||||
CVE-2023-40997 | 1 O-ran-sc | 1 Ric Message Router | 2024-02-28 | N/A | 7.5 HIGH |
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. | |||||
CVE-2023-5748 | 1 Synology | 1 Ssl Vpn Client | 2024-02-28 | N/A | 5.5 MEDIUM |
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors. | |||||
CVE-2023-37793 | 1 Wayos | 2 Fbm-291w, Fbm-291w Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp. | |||||
CVE-2020-24295 | 1 Freeimage Project | 1 Freeimage | 2024-02-28 | N/A | 8.8 HIGH |
Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file. | |||||
CVE-2023-39672 | 1 Tenda | 2 Wh450a, Wh450a Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets. | |||||
CVE-2023-40998 | 1 O-ran-sc | 1 Ric Message Router | 2024-02-28 | N/A | 7.5 HIGH |
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. | |||||
CVE-2020-35990 | 1 Foxit | 1 Pdf Reader | 2024-02-28 | N/A | 5.5 MEDIUM |
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. | |||||
CVE-2023-42278 | 1 Hutool | 1 Hutool | 2024-02-28 | N/A | 7.5 HIGH |
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). | |||||
CVE-2023-35981 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-02-28 | N/A | 9.8 CRITICAL |
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
CVE-2021-32422 | 1 Dpic Project | 1 Dpic | 2024-02-28 | N/A | 7.5 HIGH |
dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array. | |||||
CVE-2022-48475 | 1 Cbm | 1 Control De Ciber | 2024-02-28 | N/A | 8.8 HIGH |
Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the adminitrator tries to accept or delete the print query created by the request. | |||||
CVE-2020-25887 | 1 Cesanta | 1 Mongoose | 2024-02-28 | N/A | 8.8 HIGH |
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. |