Total
12594 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37442 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI's default VCD parsing code. | ||||
CVE-2023-37446 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. | ||||
CVE-2023-37445 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. | ||||
CVE-2023-37333 | 2024-08-02 | N/A | ||
Kofax Power PDF PCX File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20389. | ||||
CVE-2023-37332 | 2024-08-02 | N/A | ||
Kofax Power PDF PNG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20388. | ||||
CVE-2023-37282 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | ||||
CVE-2023-36861 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | ||||
CVE-2023-36794 | 1 Microsoft | 18 .net, .net Framework, Powershell and 15 more | 2024-08-02 | 7.8 High |
Visual Studio Remote Code Execution Vulnerability | ||||
CVE-2023-36747 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7 High |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when `beg_time` does not match the start of the time table. | ||||
CVE-2023-36660 | 1 Nettle Project | 1 Nettle | 2024-08-02 | 9.8 Critical |
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. | ||||
CVE-2023-35958 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the copy function `fstFread`. | ||||
CVE-2023-35957 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `uncompress`. | ||||
CVE-2023-35970 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type. | ||||
CVE-2023-35956 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `fastlz_decompress`. | ||||
CVE-2023-35969 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types. | ||||
CVE-2023-35955 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `LZ4_decompress_safe_partial`. | ||||
CVE-2023-35002 | 1 Accusoft | 1 Imagegear | 2024-08-02 | 9.8 Critical |
A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2023-34436 | 1 Tonybybell | 1 Gtkwave | 2024-08-02 | 7.8 High |
An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | ||||
CVE-2023-34341 | 1 Ami | 1 Megarac Sp-x | 2024-08-02 | 7.2 High |
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering. | ||||
CVE-2023-34332 | 1 Ami | 1 Megarac Sp-x | 2024-08-02 | 7.8 High |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |