Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40389 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data. | |||||
| CVE-2023-40146 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | N/A | 6.8 MEDIUM |
| A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability. | |||||
| CVE-2023-39804 | 1 Gnu | 1 Tar | 2025-11-04 | N/A | 6.2 MEDIUM |
| In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. | |||||
| CVE-2023-39541 | 1 Weston-embedded | 1 Uc-tcp-ip | 2025-11-04 | N/A | 5.9 MEDIUM |
| A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv6 ICMPv6 packet. | |||||
| CVE-2023-39540 | 1 Weston-embedded | 1 Uc-tcp-ip | 2025-11-04 | N/A | 5.9 MEDIUM |
| A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv4 ICMP packet. | |||||
| CVE-2023-39444 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop. | |||||
| CVE-2023-39443 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop. | |||||
| CVE-2023-39414 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.0 HIGH |
| Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the right shift operation. | |||||
| CVE-2023-39413 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.0 HIGH |
| Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the left shift operation. | |||||
| CVE-2023-39367 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | N/A | 9.1 CRITICAL |
| An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-39317 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_lens` array. | |||||
| CVE-2023-39316 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_pointers` array. | |||||
| CVE-2023-39275 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `value` array. | |||||
| CVE-2023-39274 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array. | |||||
| CVE-2023-39273 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array. | |||||
| CVE-2023-39272 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array. | |||||
| CVE-2023-39271 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `msb` array. | |||||
| CVE-2023-39270 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array. | |||||
| CVE-2023-39235 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when looping over `lt->num_time_ticks`. | |||||
| CVE-2023-39234 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
| Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when looping over `lt->numrealfacs`. | |||||