Total
10918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39435 | 1 Zavio | 22 B8220, B8220 Firmware, B8520 and 19 more | 2024-11-21 | N/A | 8.8 HIGH |
| Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | |||||
| CVE-2023-39431 | 1 Santesoft | 1 Dicom Viewer Pro | 2024-11-21 | N/A | 7.8 HIGH |
| Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2023-39427 | 1 Ashlar | 5 Argon, Cobalt, Graphite and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2023-39419 | 1 Siemens | 1 Solid Edge | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39405 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.8 CRITICAL |
| Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges. | |||||
| CVE-2023-39352 | 3 Debian, Fedoraproject, Freerdp | 3 Debian Linux, Fedora, Freerdp | 2024-11-21 | N/A | 5.3 MEDIUM |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-39283 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | N/A | 7.8 HIGH |
| An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation. | |||||
| CVE-2023-39281 | 3 Amd, Insyde, Intel | 279 Athlon Gold 7220u, Athlon Silver 7120u, Ryzen3 5300u and 276 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. | |||||
| CVE-2023-39280 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash. | |||||
| CVE-2023-39279 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash. | |||||
| CVE-2023-39278 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash. | |||||
| CVE-2023-39277 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash. | |||||
| CVE-2023-39276 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash. | |||||
| CVE-2023-39268 | 2 Arubanetworks, Hpe | 11 Aruba 2530, Aruba 2530ya, Aruba 2530yb and 8 more | 2024-11-21 | N/A | 4.5 MEDIUM |
| A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2023-39181 | 1 Siemens | 1 Solid Edge | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39130 | 1 Gnu | 1 Gdb | 2024-11-21 | N/A | 5.5 MEDIUM |
| GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. | |||||
| CVE-2023-39128 | 1 Gnu | 1 Gdb | 2024-11-21 | N/A | 5.5 MEDIUM |
| GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. | |||||
| CVE-2023-39125 | 1 Ntsc-crt Project | 1 Ntsc-crt | 2024-11-21 | N/A | 7.5 HIGH |
| NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested program, it's just something to demonstrate it works and for the user to see how to integrate it into their own programs." | |||||
| CVE-2023-38961 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | N/A | 9.8 CRITICAL |
| Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. | |||||
| CVE-2023-38940 | 1 Tenda | 6 F1203, F1203 Firmware, Fh1203 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | |||||