Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50984 | 1 Tenda | 2 I29, I29 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. | ||||
| CVE-2023-50965 | 1 Starnight | 1 Micro Http Server | 2024-11-21 | 9.8 Critical |
| In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI. | ||||
| CVE-2023-50807 | 2024-11-21 | 8.1 High | ||
| A vulnerability was discovered in Samsung Wearable Processor and Modems with versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth). | ||||
| CVE-2023-50671 | 1 Aertherwide | 1 Exiftags | 2024-11-21 | 7.8 High |
| In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. | ||||
| CVE-2023-50585 | 1 Tenda | 2 A18, A18 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | ||||
| CVE-2023-50572 | 1 Jline | 1 Jline | 2024-11-21 | 5.5 Medium |
| An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. | ||||
| CVE-2023-50330 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2023-50244 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | 7.2 High |
| Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter. | ||||
| CVE-2023-50243 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | 7.2 High |
| Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter. | ||||
| CVE-2023-50240 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | 7.2 High |
| Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter. | ||||
| CVE-2023-50239 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | 7.2 High |
| Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter. | ||||
| CVE-2023-50227 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | N/A |
| Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a malicious file. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the hypervisor. . Was ZDI-CAN-21260. | ||||
| CVE-2023-50190 | 2024-11-21 | N/A | ||
| Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21784. | ||||
| CVE-2023-50002 | 1 Tenda | 2 W30e, W30e Firmware | 2024-11-21 | 9.8 Critical |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. | ||||
| CVE-2023-50001 | 1 Tenda | 2 W30e, W30e Firmware | 2024-11-21 | 9.8 Critical |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. | ||||
| CVE-2023-50000 | 1 Tenda | 2 W30e, W30e Firmware | 2024-11-21 | 9.8 Critical |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. | ||||
| CVE-2023-4949 | 2 Gnu, Xen | 2 Grub, Xen | 2024-11-21 | 8.1 High |
| An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation. | ||||
| CVE-2023-4756 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
| CVE-2023-4754 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
| CVE-2023-4744 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-11-21 | 9.8 Critical |
| A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability. | ||||