Total
12595 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-24817 | 1 Riot-os | 1 Riot | 2024-08-02 | 7.5 High |
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack. | ||||
CVE-2023-24585 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-08-02 | 7.7 High |
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | ||||
CVE-2023-24564 | 1 Siemens | 1 Solid Edge Se2023 | 2024-08-02 | 7.8 High |
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069) | ||||
CVE-2023-24056 | 1 Pkgconf | 1 Pkgconf | 2024-08-02 | 5.5 Medium |
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | ||||
CVE-2023-23567 | 1 Accusoft | 1 Imagegear | 2024-08-02 | 8.1 High |
A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2023-23518 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-08-02 | 8.8 High |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
CVE-2023-23529 | 2 Apple, Redhat | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-02 | 8.8 High |
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
CVE-2023-23517 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-08-02 | 8.8 High |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
CVE-2023-23457 | 2 Fedoraproject, Upx Project | 2 Fedora, Upx | 2024-08-02 | 5.3 Medium |
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. | ||||
CVE-2023-22882 | 1 Zoom | 1 Zoom | 2024-08-02 | 6.5 Medium |
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | ||||
CVE-2023-22881 | 1 Zoom | 1 Zoom | 2024-08-02 | 6.5 Medium |
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | ||||
CVE-2023-22313 | 1 Intel | 5 Qat Driver, Qat Driver Firmware, Quickassist Technology Driver and 2 more | 2024-08-02 | 2.3 Low |
Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. | ||||
CVE-2023-22297 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2024-08-02 | 8.2 High |
Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | ||||
CVE-2023-21654 | 1 Qualcomm | 112 Apq8096au, Apq8096au Firmware, Aqt1000 and 109 more | 2024-08-02 | 6.7 Medium |
Memory corruption in Audio during playback session with audio effects enabled. | ||||
CVE-2023-21663 | 1 Qualcomm | 76 Aqt1000, Aqt1000 Firmware, Qca6420 and 73 more | 2024-08-02 | 6.7 Medium |
Memory Corruption while accessing metadata in Display. | ||||
CVE-2023-21634 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 99 more | 2024-08-02 | 6.7 Medium |
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. | ||||
CVE-2023-21637 | 1 Qualcomm | 110 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 107 more | 2024-08-02 | 6.7 Medium |
Memory corruption in Linux while calling system configuration APIs. | ||||
CVE-2023-21633 | 1 Qualcomm | 194 Apq8064au, Apq8064au Firmware, Aqt1000 and 191 more | 2024-08-02 | 6.7 Medium |
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. | ||||
CVE-2023-21628 | 1 Qualcomm | 566 Apq8017, Apq8017 Firmware, Apq8064au and 563 more | 2024-08-02 | 8.4 High |
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. | ||||
CVE-2023-21264 | 1 Google | 1 Android | 2024-08-02 | 6.7 Medium |
In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |