Total
2023 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38246 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2024-09-19 | 7 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-6146 | 1 Actiontec | 2 Wcb6200q, Wcb6200q Firmware | 2024-09-19 | 8.8 High |
| Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21418. | ||||
| CVE-2024-6144 | 1 Actiontec | 2 Wcb6200q, Wcb6200q Firmware | 2024-09-19 | 8.8 High |
| Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21416. | ||||
| CVE-2024-37984 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 8.4 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-37978 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2024-09-19 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-37972 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-37971 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-28928 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
| CVE-2024-37970 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-28899 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-09-19 | 8.8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-44589 | 1 Dlink | 1 Dcs-960l Firmware | 2024-09-19 | 8.8 High |
| Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code. | ||||
| CVE-2023-35012 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2024-09-19 | 6.7 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763. | ||||
| CVE-2023-4756 | 1 Gpac | 1 Gpac | 2024-09-19 | 5.5 Medium |
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | ||||
| CVE-2023-32971 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-19 | 3.8 Low |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later | ||||
| CVE-2023-32972 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-19 | 3.8 Low |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later | ||||
| CVE-2023-45601 | 1 Siemens | 2 Parasolid, Tecnomatix | 2024-09-19 | 7.8 High |
| A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290) | ||||
| CVE-2023-44177 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-09-19 | 5.5 Medium |
| A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R2. Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S1-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. | ||||
| CVE-2023-44176 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-09-19 | 5.5 Medium |
| A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. | ||||
| CVE-2024-5931 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 6.3 Medium |
| BT: Unchecked user input in bap_broadcast_assistant | ||||
| CVE-2024-6137 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2024-09-19 | 7.6 High |
| BT: Classic: SDP OOB access in get_att_search_list | ||||