Total
11285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24130 | 1 Heimgardtechnologies | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2024-08-02 | 6.5 Medium |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. | ||||
| CVE-2023-24014 | 1 Deltaww | 1 Cncsoft-b | 2024-08-02 | 7.8 High |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2023-24019 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-08-02 | 8.1 High |
| A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-23910 | 1 Intel | 2 Oneapi Hpc Toolkit, Trace Analyzer And Collector | 2024-08-02 | 3.9 Low |
| Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access. | ||||
| CVE-2023-23609 | 1 Contiki-ng | 1 Contiki-ng | 2024-08-02 | 8.2 High |
| Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buffer is large enough to hold the reassembled packet. In Contiki-NG's default configuration, it is possible that an out-of-bounds write of up to 1152 bytes occurs. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be fixed by applying the patch in Contiki-NG pull request #2254 prior to the release of version 4.9. | ||||
| CVE-2023-23606 | 1 Mozilla | 1 Firefox | 2024-08-02 | 8.8 High |
| Memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109. | ||||
| CVE-2023-23579 | 1 Datakit | 1 Crosscadware | 2024-08-02 | 7.8 High |
| Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-23585 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-08-02 | 9.8 Critical |
| Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | ||||
| CVE-2023-23567 | 1 Accusoft | 1 Imagegear | 2024-08-02 | 8.1 High |
| A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-23569 | 1 Intel | 2 Oneapi Hpc Toolkit, Trace Analyzer And Collector | 2024-08-02 | 7.8 High |
| Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-23605 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-08-02 | 8.8 High |
| Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | ||||
| CVE-2023-23582 | 1 Snapav | 2 Wattbox Wb-300-ip-3, Wattbox Wb-300-ip-3 Firmware | 2024-08-02 | 5.3 Medium |
| Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely. | ||||
| CVE-2023-23519 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-02 | 7.5 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service. | ||||
| CVE-2023-23580 | 1 Intel | 2 Oneapi Hpc Toolkit, Trace Analyzer And Collector | 2024-08-02 | 4.8 Medium |
| Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access. | ||||
| CVE-2023-23556 | 1 Facebook | 1 Hermes | 2024-08-02 | 9.8 Critical |
| An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | ||||
| CVE-2023-23306 | 1 Garmin | 1 Connect-iq | 2024-08-02 | 9.8 Critical |
| The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware. | ||||
| CVE-2023-23086 | 1 Mojojson Project | 1 Mojojson | 2024-08-02 | 9.8 Critical |
| Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. | ||||
| CVE-2023-23082 | 1 Kodi | 1 Kodi | 2024-08-02 | 4.6 Medium |
| A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. | ||||
| CVE-2023-23088 | 1 Json-parser Project | 1 Json-parser | 2024-08-02 | 9.8 Critical |
| Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function. | ||||
| CVE-2023-22842 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-08-02 | 7.5 High |
| On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||