Total
10850 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20694 | 3 Google, Mediatek, Openwrt | 43 Android, Mt6580, Mt6739 and 40 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only). | |||||
| CVE-2023-36271 | 1 Gnu | 1 Libredwg | 2024-02-28 | N/A | 8.8 HIGH |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. | |||||
| CVE-2023-25860 | 1 Adobe | 1 Illustrator | 2024-02-28 | N/A | 7.8 HIGH |
| Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-48240 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-02-28 | N/A | 4.4 MEDIUM |
| In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | |||||
| CVE-2023-25111 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable. | |||||
| CVE-2023-33629 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | |||||
| CVE-2023-30368 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. | |||||
| CVE-2023-37248 | 1 Siemens | 1 Tecnomatix | 2024-02-28 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155) | |||||
| CVE-2022-37369 | 1 Tracker-software | 1 Pdf-xchange Editor | 2024-02-28 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17724. | |||||
| CVE-2023-2854 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | N/A | 6.5 MEDIUM |
| BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | |||||
| CVE-2023-30648 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
| Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system. | |||||
| CVE-2023-34568 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2024-02-28 | N/A | 6.7 MEDIUM |
| Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. | |||||
| CVE-2023-33670 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. | |||||
| CVE-2020-23260 | 1 Jsish | 1 Jsish | 2024-02-28 | N/A | 7.5 HIGH |
| An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. | |||||
| CVE-2023-30414 | 1 Jerryscript | 1 Jerryscript | 2024-02-28 | N/A | 5.5 MEDIUM |
| Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. | |||||
| CVE-2023-30775 | 1 Libtiff | 1 Libtiff | 2024-02-28 | N/A | 5.5 MEDIUM |
| A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. | |||||
| CVE-2023-20701 | 2 Google, Mediatek | 28 Android, Mt6762, Mt6765 and 25 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643270; Issue ID: ALPS07643270. | |||||
| CVE-2023-26496 | 1 Samsung | 10 Exynos 1080, Exynos 1080 Firmware, Exynos 980 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124. Memory corruption can occur due to improper checking of the parameter length while parsing the fmtp attribute in the SDP (Session Description Protocol) module. | |||||
| CVE-2023-34416 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | |||||
| CVE-2023-37712 | 1 Tenda | 6 Ac1206, Ac1206 Firmware, F1202 and 3 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function. | |||||