Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3138 | 2 Redhat, X.org | 3 Enterprise Linux, Rhel Eus, Libx11 | 2024-11-21 | 7.5 High |
| A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. | ||||
| CVE-2023-3043 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 9.6 Critical |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | ||||
| CVE-2023-3024 | 2 Qualcomm, Silabs | 9 Aqt1000, Csrb31024, Wcd9370 and 6 more | 2024-11-21 | 5.9 Medium |
| Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | ||||
| CVE-2023-39985 | 1 Hitachi | 1 Eh-view | 2024-11-21 | 7.8 High |
| ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-39829 | 1 Tenda | 2 A18, A18 Firmware | 2024-11-21 | 7.5 High |
| Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWirelessRepeat function. | ||||
| CVE-2023-39828 | 1 Tenda | 2 A18, A18 Firmware | 2024-11-21 | 7.5 High |
| Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. | ||||
| CVE-2023-39827 | 1 Tenda | 2 A18, A18 Firmware | 2024-11-21 | 7.5 High |
| Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function. | ||||
| CVE-2023-39786 | 1 Tenda | 2 Ac8v4, Ac8v4 Firmware | 2024-11-21 | 7.5 High |
| Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. | ||||
| CVE-2023-39785 | 1 Tenda | 2 Ac8v4, Ac8v4 Firmware | 2024-11-21 | 7.5 High |
| Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. | ||||
| CVE-2023-39784 | 1 Tenda | 2 Ac8v4, Ac8v4 Firmware | 2024-11-21 | 7.5 High |
| Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. | ||||
| CVE-2023-39751 | 1 Tp-link | 3 Tl-wr941nd, Tl-wr941nd V6, Tl-wr941nd V6 Firmware | 2024-11-21 | 9.8 Critical |
| TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. | ||||
| CVE-2023-39741 | 1 Long Range Zip Project | 1 Long Range Zip | 2024-11-21 | 5.5 Medium |
| lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2023-39502 | 2024-11-21 | N/A | ||
| PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20035. | ||||
| CVE-2023-39500 | 2024-11-21 | N/A | ||
| PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19950. | ||||
| CVE-2023-39499 | 2024-11-21 | N/A | ||
| PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19949. | ||||
| CVE-2023-39498 | 2024-11-21 | N/A | ||
| PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19948. | ||||
| CVE-2023-39497 | 2024-11-21 | N/A | ||
| PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19947. | ||||
| CVE-2023-39490 | 2024-11-21 | N/A | ||
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19636. | ||||
| CVE-2023-39489 | 2024-11-21 | N/A | ||
| PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19488. | ||||
| CVE-2023-39485 | 2024-11-21 | N/A | ||
| PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19189. | ||||