Total
3128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21649 | 1 Qualcomm | 130 Apq8096au, Apq8096au Firmware, Aqt1000 and 127 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Memory corruption in WLAN while running doDriverCmd for an unspecific command. | |||||
| CVE-2023-21640 | 1 Qualcomm | 12 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 9 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Memory corruption in Linux when the file upload API is called with parameters having large buffer. | |||||
| CVE-2023-21639 | 1 Qualcomm | 44 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 41 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. | |||||
| CVE-2023-21635 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Csrb31024 and 95 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. | |||||
| CVE-2023-21517 | 1 Samsung | 1 Exynos | 2024-11-21 | N/A | 8.8 HIGH |
| Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. | |||||
| CVE-2023-21504 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.6 MEDIUM |
| Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | |||||
| CVE-2023-21503 | 1 Samsung | 2 Android, Exynos | 2024-11-21 | N/A | 5.6 MEDIUM |
| Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | |||||
| CVE-2023-21494 | 1 Samsung | 2 Android, Exynos | 2024-11-21 | N/A | 5.6 MEDIUM |
| Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | |||||
| CVE-2023-21406 | 1 Axis | 2 A1001, A1001 Firmware | 2024-11-21 | N/A | 7.1 HIGH |
| Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code. lease refer to the Axis security advisory for more information, mitigation and affected products and software versions. | |||||
| CVE-2023-21243 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-20189 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-11-21 | N/A | 8.6 HIGH |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20168 | 1 Cisco | 84 Mds 9000, Mds 9100, Mds 9132t and 81 more | 2024-11-21 | N/A | 7.1 HIGH |
| A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2023-20162 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-11-21 | N/A | 8.6 HIGH |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20161 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-11-21 | N/A | 8.6 HIGH |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20160 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-11-21 | N/A | 8.6 HIGH |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20159 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-11-21 | N/A | 8.6 HIGH |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20158 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-11-21 | N/A | 8.6 HIGH |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20157 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-11-21 | N/A | 8.6 HIGH |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20156 | 1 Cisco | 458 Business 250-16p-2g, Business 250-16p-2g Firmware, Business 250-16t-2g and 455 more | 2024-11-21 | N/A | 8.6 HIGH |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20032 | 3 Cisco, Clamav, Stormshield | 5 Secure Endpoint, Secure Endpoint Private Cloud, Web Security Appliance and 2 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"]. | |||||