Total
3021 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21640 | 1 Qualcomm | 12 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 9 more | 2024-08-02 | 6.7 Medium |
| Memory corruption in Linux when the file upload API is called with parameters having large buffer. | ||||
| CVE-2023-21639 | 1 Qualcomm | 44 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 41 more | 2024-08-02 | 6.7 Medium |
| Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. | ||||
| CVE-2023-21517 | 1 Samsung | 1 Exynos | 2024-08-02 | 8.8 High |
| Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. | ||||
| CVE-2023-21504 | 1 Samsung | 1 Android | 2024-08-02 | 5.6 Medium |
| Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | ||||
| CVE-2023-21503 | 1 Samsung | 2 Android, Exynos | 2024-08-02 | 5.6 Medium |
| Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | ||||
| CVE-2023-21494 | 1 Samsung | 2 Android, Exynos | 2024-08-02 | 5.6 Medium |
| Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | ||||
| CVE-2023-20624 | 2 Google, Mediatek | 16 Android, Mt6789, Mt6833 and 13 more | 2024-08-02 | 6.7 Medium |
| In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530. | ||||
| CVE-2023-20168 | 1 Cisco | 84 Mds 9000, Mds 9100, Mds 9132t and 81 more | 2024-08-02 | 7.1 High |
| A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. | ||||
| CVE-2023-20032 | 3 Cisco, Clamav, Stormshield | 5 Secure Endpoint, Secure Endpoint Private Cloud, Web Security Appliance and 2 more | 2024-08-02 | 9.8 Critical |
| On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"]. | ||||
| CVE-2023-20007 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2024-08-02 | 4.7 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials. This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the web-based management process to restart, resulting in a DoS condition. | ||||
| CVE-2023-7221 | 1 Totolink | 2 T6, T6 Firmware | 2024-08-02 | 9.8 Critical |
| A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7208 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-08-02 | 8 High |
| A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7095 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-02 | 9.8 Critical |
| A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6948 | 2024-08-02 | 3 Low | ||
| A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | ||||
| CVE-2023-6906 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-02 | 9.8 Critical |
| A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6881 | 2024-08-02 | 7.3 High | ||
| Possible buffer overflow in is_mount_point | ||||
| CVE-2023-6864 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-08-02 | 8.8 High |
| Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | ||||
| CVE-2023-5908 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2024-08-02 | 9.1 Critical |
| KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. | ||||
| CVE-2023-5753 | 1 Zephyrproject | 1 Zephyr | 2024-08-02 | 6.3 Medium |
| Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c | ||||
| CVE-2023-5184 | 1 Zephyrproject | 1 Zephyr | 2024-08-02 | 7 High |
| Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. | ||||