Total
2430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45345 | 1 Webcamserver Project | 1 Webcamserver | 2024-02-28 | N/A | 7.5 HIGH |
Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file. | |||||
CVE-2023-33457 | 1 Sogou | 1 C\+\+ Workflow | 2024-02-28 | N/A | 8.8 HIGH |
In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash. | |||||
CVE-2023-27518 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code. | |||||
CVE-2023-20156 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-02-28 | N/A | 9.8 CRITICAL |
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-47464 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-02-28 | N/A | 5.5 MEDIUM |
In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. | |||||
CVE-2023-22924 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2024-02-28 | N/A | 4.9 MEDIUM |
A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | |||||
CVE-2022-27643 | 1 Netgear | 54 D6220, D6220 Firmware, D6400 and 51 more | 2024-02-28 | N/A | 8.8 HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692. | |||||
CVE-2023-27968 | 1 Apple | 1 Macos | 2024-02-28 | N/A | 7.1 HIGH |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | |||||
CVE-2023-33010 | 1 Zyxel | 46 Atp100, Atp100 Firmware, Atp100w and 43 more | 2024-02-28 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | |||||
CVE-2023-36377 | 1 Osslsigncode Project | 1 Osslsigncode | 2024-02-28 | N/A | 7.8 HIGH |
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files. | |||||
CVE-2021-46884 | 1 Huawei | 1 Emui | 2024-02-28 | N/A | 7.5 HIGH |
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2022-47335 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-02-28 | N/A | 5.5 MEDIUM |
In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. | |||||
CVE-2021-44283 | 1 Shieldstore Project | 1 Shieldstore | 2024-02-28 | N/A | 7.5 HIGH |
A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from an untrusted operating system. | |||||
CVE-2023-21494 | 1 Samsung | 2 Android, Exynos | 2024-02-28 | N/A | 9.8 CRITICAL |
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | |||||
CVE-2022-43507 | 1 Intel | 1 Quickassist Technology Engine | 2024-02-28 | N/A | 8.8 HIGH |
Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
CVE-2023-22785 | 1 Hp | 2 Arubaos, Instantos | 2024-02-28 | N/A | 9.8 CRITICAL |
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
CVE-2021-45039 | 1 Uniview | 1 Camera Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command. | |||||
CVE-2023-20162 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-02-28 | N/A | 9.8 CRITICAL |
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2023-23302 | 1 Garmin | 1 Connect-iq | 2024-02-28 | N/A | 9.8 CRITICAL |
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | |||||
CVE-2022-44232 | 1 Libming | 1 Libming | 2024-02-28 | N/A | 7.5 HIGH |
libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427. |