Total
2793 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4029 | 1 Lenovo | 52 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 49 more | 2024-08-02 | 6.7 Medium |
| A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2023-4028 | 1 Lenovo | 58 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 55 more | 2024-08-02 | 6.7 Medium |
| A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2023-4056 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Firefox Esr and 5 more | 2024-08-02 | 9.8 Critical |
| Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | ||||
| CVE-2023-3766 | 1 Cloudflare | 1 Odoh-rs | 2024-08-02 | 5.9 Medium |
| A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable. | ||||
| CVE-2023-3725 | 1 Zephyrproject | 1 Zephyr | 2024-08-02 | 7.6 High |
| Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem | ||||
| CVE-2023-3618 | 3 Debian, Libtiff, Redhat | 3 Debian Linux, Libtiff, Enterprise Linux | 2024-08-02 | 6.5 Medium |
| A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. | ||||
| CVE-2023-3471 | 1 Panasonic | 1 Kw Watcher | 2024-08-02 | 8.6 High |
| Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. | ||||
| CVE-2023-3494 | 1 Freebsd | 1 Freebsd | 2024-08-02 | 8.8 High |
| The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. | ||||
| CVE-2023-3346 | 1 Mitsubishielectric | 42 C80, C80 Firmware, E70 and 39 more | 2024-08-02 | 9.8 Critical |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery. | ||||
| CVE-2023-3164 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-08-02 | 5.5 Medium |
| A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. | ||||
| CVE-2023-3110 | 1 Silabs | 1 Unify Software Development Kit | 2024-08-02 | 9.6 Critical |
| Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
| CVE-2023-2857 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-02 | 5.3 Medium |
| BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | ||||
| CVE-2023-2686 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 9.8 Critical |
| Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. | ||||
| CVE-2023-2597 | 1 Eclipse | 1 Openj9 | 2024-08-02 | 7 High |
| In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. | ||||
| CVE-2023-0687 | 1 Gnu | 1 Glibc | 2024-08-02 | 4.6 Medium |
| A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled. | ||||
| CVE-2023-1424 | 1 Mitsubishielectric | 78 Melsec Iq-fx5u-32mr\/ds, Melsec Iq-fx5u-32mr\/ds Firmware, Melsec Iq-fx5u-32mr\/dss and 75 more | 2024-08-02 | 10 Critical |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution. | ||||
| CVE-2023-1560 | 1 Tinytiff Project | 1 Tinytiff | 2024-08-02 | 2.8 Low |
| A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223553 was assigned to this vulnerability. | ||||
| CVE-2023-1452 | 1 Gpac | 1 Gpac | 2024-08-02 | 5.3 Medium |
| A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability. | ||||
| CVE-2023-1190 | 1 Imageinfo Project | 1 Imageinfo | 2024-08-02 | 4.8 Medium |
| A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0972 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-08-02 | 9.6 Critical |
| Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||