Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49129 | 1 Siemens | 1 Solid Edge Se2023 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-49128 | 1 Siemens | 1 Solid Edge Se2023 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-49123 | 1 Siemens | 1 Solid Edge Se2023 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-49122 | 1 Siemens | 1 Solid Edge Se2023 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-49121 | 1 Siemens | 1 Solid Edge Se2023 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-49073 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2023-49047 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. | ||||
| CVE-2023-49044 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 9.8 Critical |
| Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. | ||||
| CVE-2023-49043 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 9.8 Critical |
| Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat. | ||||
| CVE-2023-49042 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 9.8 Critical |
| Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. | ||||
| CVE-2023-49007 | 1 Netgear | 2 Rbr750, Rbr750 Firmware | 2024-11-21 | 9.8 Critical |
| In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. | ||||
| CVE-2023-48964 | 1 Tenda | 2 I6, I6 Firmware | 2024-11-21 | 7.5 High |
| Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. | ||||
| CVE-2023-48963 | 1 Tenda | 2 I6, I6 Firmware | 2024-11-21 | 7.5 High |
| Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. | ||||
| CVE-2023-48945 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-48704 | 1 Clickhouse | 2 Clickhouse, Clickhouse Cloud | 2024-11-21 | 7 High |
| ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. | ||||
| CVE-2023-48697 | 1 Microsoft | 1 Azure Rtos Usbx | 2024-11-21 | 6.4 Medium |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48695 | 1 Microsoft | 1 Azure Rtos Usbx | 2024-11-21 | 7.2 High |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48692 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2024-11-21 | 9.1 Critical |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48691 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2024-11-21 | 8.1 High |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48639 | 1 Adobe | 1 Substance 3d Designer | 2024-11-21 | 7.8 High |
| Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||