Total
10958 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32216 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113. | |||||
| CVE-2023-32215 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-32209 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 7.5 HIGH |
| A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. | |||||
| CVE-2023-32203 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | N/A | 7.8 HIGH |
| Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2023-32201 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-11-21 | N/A | 7.8 HIGH |
| Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273. | |||||
| CVE-2023-32161 | 2024-11-21 | N/A | 7.8 HIGH | ||
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17778. | |||||
| CVE-2023-32160 | 2024-11-21 | N/A | 7.8 HIGH | ||
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17767. | |||||
| CVE-2023-32159 | 2024-11-21 | N/A | 7.8 HIGH | ||
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17765. | |||||
| CVE-2023-32158 | 2024-11-21 | N/A | 7.8 HIGH | ||
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17764. | |||||
| CVE-2023-32155 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi subsystem in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-20733. | |||||
| CVE-2023-32154 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19797. | |||||
| CVE-2023-32133 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15628. | |||||
| CVE-2023-32132 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM images. Crafted data in a DCM image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15627. | |||||
| CVE-2023-32131 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM images. Crafted data in a DCM image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15626. | |||||
| CVE-2023-32111 | 1 Sap | 1 Powerdesigner Proxy | 2024-11-21 | N/A | 7.5 HIGH |
| In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application. | |||||
| CVE-2023-31998 | 1 Ui | 4 Aircube, Aircube Firmware, Edgemax Edgerouter and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. | |||||
| CVE-2023-31982 | 1 Irontec | 1 Sngrep | 2024-11-21 | N/A | 7.8 HIGH |
| Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. | |||||
| CVE-2023-31981 | 1 Irontec | 1 Sngrep | 2024-11-21 | N/A | 7.8 HIGH |
| Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. | |||||
| CVE-2023-31976 | 1 Libming | 1 Libming | 2024-11-21 | N/A | 8.8 HIGH |
| libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c. | |||||
| CVE-2023-31922 | 1 Quickjs Project | 1 Quickjs | 2024-11-21 | N/A | 7.5 HIGH |
| QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c. | |||||