Total
2095 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-27355 | 1 Sonos | 4 One, One Firmware, S1 and 1 more | 2024-11-21 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19773. | ||||
CVE-2023-27346 | 1 Mi | 1 Ax1800 Firmware | 2024-11-21 | N/A |
TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of firmware images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19703. | ||||
CVE-2023-27333 | 2024-11-21 | N/A | ||
TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command 0x422 provided to the tmpServer service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19905. | ||||
CVE-2023-27332 | 1 Tp-link | 1 Archer Ax21 Firmware | 2024-11-21 | N/A |
TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logging functionality of the tdpServer program, which listens on UDP port 20002. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19898. | ||||
CVE-2023-26412 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Designer, Macos, Windows | 2024-11-21 | 7.8 High |
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-26390 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-21 | 7.8 High |
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-26383 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-21 | 7.8 High |
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-26337 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-11-21 | 7.8 High |
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-26253 | 1 Gluster | 1 Glusterfs | 2024-11-21 | 7.5 High |
In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. | ||||
CVE-2023-25602 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.4 High |
A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. | ||||
CVE-2023-25528 | 1 Nvidia | 3 Dgx H100, Dgx H100 Bmc, Dgx H100 Firmware | 2024-11-21 | 8.8 High |
NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | ||||
CVE-2023-25177 | 1 Deltaww | 1 Cncsoft-b | 2024-11-21 | 7.8 High |
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | ||||
CVE-2023-25124 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables. | ||||
CVE-2023-25123 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2. | ||||
CVE-2023-25122 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables. | ||||
CVE-2023-25121 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable. | ||||
CVE-2023-25120 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the cisco_secret variable. | ||||
CVE-2023-25119 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables. | ||||
CVE-2023-25118 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the username and the password variables. | ||||
CVE-2023-25117 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables. |