Total
3613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29414 | 1 Schneider-electric | 1 Accutech Manager | 2024-11-21 | N/A | 7.8 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call. | |||||
| CVE-2023-29177 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2024-11-21 | N/A | 6.7 MEDIUM |
| Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. | |||||
| CVE-2023-28812 | 1 Hikvision | 1 Localservicecomponents | 2024-11-21 | N/A | 9.1 CRITICAL |
| There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in. | |||||
| CVE-2023-28811 | 1 Hikvision | 79 Ds-7104ni-q1\(c\), Ds-7104ni-q1\(c\) Firmware, Ds-7104ni-q1\(d\) and 76 more | 2024-11-21 | N/A | 7.4 HIGH |
| There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. | |||||
| CVE-2023-28769 | 1 Zyxel | 2 Dx5401-b0, Dx5401-b0 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | |||||
| CVE-2023-28741 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2024-11-21 | N/A | 7.9 HIGH |
| Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28736 | 1 Mdadm Project | 1 Mdadm | 2024-11-21 | N/A | 5.7 MEDIUM |
| Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28562 | 1 Qualcomm | 136 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 133 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Memory corruption while handling payloads from remote ESL. | |||||
| CVE-2023-28561 | 1 Qualcomm | 2 Qcn7606, Qcn7606 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Memory corruption in QESL while processing payload from external ESL device to firmware. | |||||
| CVE-2023-28560 | 1 Qualcomm | 534 8098, 8098 Firmware, 8998 and 531 more | 2024-11-21 | N/A | 7.8 HIGH |
| Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. | |||||
| CVE-2023-28559 | 1 Qualcomm | 426 Aqt1000, Aqt1000 Firmware, Ar8031 and 423 more | 2024-11-21 | N/A | 7.8 HIGH |
| Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload. | |||||
| CVE-2023-28544 | 1 Qualcomm | 412 Aqt1000, Aqt1000 Firmware, Ar9380 and 409 more | 2024-11-21 | N/A | 7.8 HIGH |
| Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. | |||||
| CVE-2023-28116 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | N/A | 8.1 HIGH |
| Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger then the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually. | |||||
| CVE-2023-27989 | 1 Zyxel | 8 Lte7480-m804, Lte7480-m804 Firmware, Lte7490-m904 and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | |||||
| CVE-2023-27590 | 1 Rizin | 1 Rizin | 2024-11-21 | N/A | 7.8 HIGH |
| Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands. | |||||
| CVE-2023-26930 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.” | |||||
| CVE-2023-26924 | 1 Llvm | 1 Llvm | 2024-11-21 | N/A | 5.5 MEDIUM |
| LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior." | |||||
| CVE-2023-26769 | 1 Liblouis | 1 Liblouis | 2024-11-21 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. | |||||
| CVE-2023-26767 | 1 Liblouis | 1 Liblouis | 2024-11-21 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. | |||||
| CVE-2023-26616 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. | |||||