Total: 10918 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33632 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2024-11-21 | N/A | 7.2 HIGH |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. | |||||
CVE-2023-33631 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2024-11-21 | N/A | 7.2 HIGH |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm. | |||||
CVE-2023-33630 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2024-11-21 | N/A | 7.2 HIGH |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EditvsList interface at /goform/aspForm. | |||||
CVE-2023-33629 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2024-11-21 | N/A | 7.2 HIGH |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | |||||
CVE-2023-33628 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2024-11-21 | N/A | 7.2 HIGH |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. | |||||
CVE-2023-33627 | 1 H3c | 2 Magic R300-2100m, Magic R300-2100m Firmware | 2024-11-21 | N/A | 7.2 HIGH |
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. | |||||
CVE-2023-33626 | 1 Dlink | 2 Dir-600, Dir-600 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. | |||||
CVE-2023-33613 | 1 Axtls Project | 1 Axtls | 2024-11-21 | N/A | 5.5 MEDIUM |
axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key. | |||||
CVE-2023-33552 | 1 Erofs-utils Project | 1 Erofs-utils | 2024-11-21 | N/A | 7.8 HIGH |
Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. | |||||
CVE-2023-33551 | 1 Erofs-utils Project | 1 Erofs-utils | 2024-11-21 | N/A | 7.8 HIGH |
Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. | |||||
CVE-2023-33546 | 1 Janino Project | 1 Janino | 2024-11-21 | N/A | 5.5 MEDIUM |
Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input. | |||||
CVE-2023-33485 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | N/A | 8.8 HIGH |
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a post-authentication buffer overflow via the sPort/ePort parameters in the addEffect function. | |||||
CVE-2023-33476 | 1 Readymedia Project | 1 Readymedia | 2024-11-21 | N/A | 9.8 CRITICAL |
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write. | |||||
CVE-2023-33375 | 1 Connectedio | 1 Connected Io | 2024-11-21 | N/A | 9.8 CRITICAL |
Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. | |||||
CVE-2023-33308 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 9.8 CRITICAL |
A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. | |||||
CVE-2023-33222 | 1 Idemia | 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more | 2024-11-21 | N/A | 6.8 MEDIUM |
When handling contactless cards, a specific function used to get additional information from the card doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. | |||||
CVE-2023-33221 | 1 Idemia | 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more | 2024-11-21 | N/A | 6.8 MEDIUM |
When reading DESFire keys, the function that reads the card isn't properly checking the boundaries when internally copying the data received. This allows a heap-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use the default DESFire key. | |||||
CVE-2023-33220 | 1 Idemia | 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more | 2024-11-21 | N/A | 9.1 CRITICAL |
During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. | |||||
CVE-2023-33219 | 1 Idemia | 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more | 2024-11-21 | N/A | 9.1 CRITICAL |
The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. | |||||
CVE-2023-33218 | 1 Idemia | 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more | 2024-11-21 | N/A | 9.1 CRITICAL |
The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device. |