Total
12268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28545 | 1 Qualcomm | 408 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 405 more | 2024-11-21 | N/A | 8.2 HIGH |
| Memory corruption in TZ Secure OS while loading an app ELF. | |||||
| CVE-2023-28410 | 1 Intel | 1 I915 Graphics | 2024-11-21 | N/A | 8.8 HIGH |
| Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28391 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | N/A | 9.0 CRITICAL |
| A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-28383 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28379 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | N/A | 9.0 CRITICAL |
| A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-27506 | 1 Intel | 1 Optimization For Tensorflow | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27403 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348) | |||||
| CVE-2023-27286 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2024-11-21 | N/A | 8.4 HIGH |
| IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. | |||||
| CVE-2023-27285 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2024-11-21 | N/A | 8.4 HIGH |
| IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625. | |||||
| CVE-2023-27284 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2024-11-21 | N/A | 8.4 HIGH |
| IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. | |||||
| CVE-2023-25545 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2024-11-21 | N/A | 8.2 HIGH |
| Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2023-25527 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2023-25509 | 1 Nvidia | 2 Dgx-1, Sbios | 2024-11-21 | N/A | 6.0 MEDIUM |
| NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges. | |||||
| CVE-2023-24817 | 1 Riot-os | 1 Riot | 2024-11-21 | N/A | 7.5 HIGH |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack. | |||||
| CVE-2023-24585 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | N/A | 7.7 HIGH |
| An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-24564 | 1 Siemens | 1 Solid Edge Se2023 | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069) | |||||
| CVE-2023-23567 | 1 Accusoft | 1 Imagegear | 2024-11-21 | N/A | 8.1 HIGH |
| A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-22882 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A | 6.5 MEDIUM |
| Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | |||||
| CVE-2023-22881 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A | 6.5 MEDIUM |
| Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | |||||
| CVE-2023-22313 | 1 Intel | 5 Qat Driver, Qat Driver Firmware, Quickassist Technology Driver and 2 more | 2024-11-21 | N/A | 2.3 LOW |
| Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. | |||||