Total
3806 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50268 | 1 Jqlang | 1 Jq | 2024-11-21 | N/A | 6.2 MEDIUM |
| jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue. | |||||
| CVE-2023-50245 | 1 Afichet | 1 Openexr Viewer | 2024-11-21 | N/A | 9.8 CRITICAL |
| OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions prior to 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1. | |||||
| CVE-2023-50096 | 1 St | 1 X-cube-safea1 | 2024-11-21 | N/A | 7.5 HIGH |
| STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application. | |||||
| CVE-2023-50044 | 1 Cesanta | 1 Mjs | 2024-11-21 | N/A | 9.8 CRITICAL |
| Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | |||||
| CVE-2023-4590 | 1 Kimmov | 1 Frhed | 2024-11-21 | N/A | 7.3 HIGH |
| Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers. | |||||
| CVE-2023-4452 | 1 Moxa | 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot. | |||||
| CVE-2023-4424 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 8.3 HIGH |
| An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device. | |||||
| CVE-2023-4397 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device. | |||||
| CVE-2023-4265 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 6.4 MEDIUM |
| Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 | |||||
| CVE-2023-4263 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 7.6 HIGH |
| Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver | |||||
| CVE-2023-4259 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 7.1 HIGH |
| Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. | |||||
| CVE-2023-4257 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 7.6 HIGH |
| Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. | |||||
| CVE-2023-4055 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-11-21 | N/A | 7.5 HIGH |
| When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2023-4041 | 1 Silabs | 1 Gecko Bootloader | 2024-11-21 | N/A | 9.8 CRITICAL |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. | |||||
| CVE-2023-4029 | 1 Lenovo | 52 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 49 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2023-4028 | 1 Lenovo | 58 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 55 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2023-49700 | 1 Asrmicro | 4 Asr1803, Asr1803 Firmware, Asr1806 and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large. | |||||
| CVE-2023-49468 | 1 Struktur | 1 Libde265 | 2024-11-21 | N/A | 8.8 HIGH |
| Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. | |||||
| CVE-2023-49287 | 1 Cxong | 1 Tinydir | 2024-11-21 | N/A | 7.7 HIGH |
| TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6. | |||||
| CVE-2023-48704 | 1 Clickhouse | 2 Clickhouse, Clickhouse Cloud | 2024-11-21 | N/A | 7.0 HIGH |
| ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. | |||||