Total
13366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38545 | 4 Fedoraproject, Haxx, Microsoft and 1 more | 13 Fedora, Libcurl, Windows 10 1809 and 10 more | 2025-02-13 | N/A | 9.8 CRITICAL |
| This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. | |||||
| CVE-2023-34416 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-02-13 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | |||||
| CVE-2023-31419 | 1 Elastic | 1 Elasticsearch | 2025-02-13 | N/A | 6.5 MEDIUM |
| A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. | |||||
| CVE-2023-31130 | 3 C-ares Project, Debian, Fedoraproject | 3 C-ares, Debian Linux, Fedora | 2025-02-13 | N/A | 4.1 MEDIUM |
| c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | |||||
| CVE-2023-21255 | 2 Debian, Google | 2 Debian Linux, Android | 2025-02-13 | N/A | 7.8 HIGH |
| In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-34671 | 1 Nvidia | 7 Geforce, Gpu Display Driver, Nvs and 4 more | 2025-02-13 | N/A | 8.5 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service. | |||||
| CVE-2020-23258 | 1 Jsish | 1 Jsish | 2025-02-13 | N/A | 7.5 HIGH |
| An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. | |||||
| CVE-2006-20001 | 1 Apache | 1 Http Server | 2025-02-13 | N/A | 7.5 HIGH |
| A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. | |||||
| CVE-2023-26976 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-02-13 | N/A | 7.5 HIGH |
| Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | |||||
| CVE-2023-20653 | 2 Google, Mediatek | 60 Android, Mt6580, Mt6731 and 57 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144. | |||||
| CVE-2023-20652 | 2 Google, Mediatek | 60 Android, Mt6580, Mt6731 and 57 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135. | |||||
| CVE-2023-25212 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-25211 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-25210 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24800 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24799 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24798 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24797 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-20670 | 2 Google, Mediatek | 46 Android, Mt2715, Mt6580 and 43 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710. | |||||
| CVE-2023-20666 | 2 Google, Mediatek | 11 Android, Mt6789, Mt6855 and 8 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173. | |||||