Total
3292 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32975 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | N/A | 4.9 MEDIUM |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later | |||||
| CVE-2023-32968 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | N/A | 4.5 MEDIUM |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later | |||||
| CVE-2023-32860 | 2 Google, Mediatek | 23 Android, Mt6761, Mt6765 and 20 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788. | |||||
| CVE-2023-32859 | 2 Google, Mediatek | 45 Android, Mt6761, Mt6765 and 42 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473. | |||||
| CVE-2023-32763 | 1 Qt | 1 Qt | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. | |||||
| CVE-2023-32384 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution. | |||||
| CVE-2023-32379 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-31998 | 1 Ui | 4 Aircube, Aircube Firmware, Edgemax Edgerouter and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. | |||||
| CVE-2023-30383 | 1 Tp-link | 6 Archer C20, Archer C20 Firmware, Archer C2 V1 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. | |||||
| CVE-2023-2686 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 9.8 CRITICAL |
| Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. | |||||
| CVE-2023-29856 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary. | |||||
| CVE-2023-29414 | 1 Schneider-electric | 1 Accutech Manager | 2024-11-21 | N/A | 7.8 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call. | |||||
| CVE-2023-28812 | 1 Hikvision | 1 Localservicecomponents | 2024-11-21 | N/A | 9.1 CRITICAL |
| There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in. | |||||
| CVE-2023-28811 | 1 Hikvision | 79 Ds-7104ni-q1\(c\), Ds-7104ni-q1\(c\) Firmware, Ds-7104ni-q1\(d\) and 76 more | 2024-11-21 | N/A | 7.4 HIGH |
| There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. | |||||
| CVE-2023-28769 | 1 Zyxel | 2 Dx5401-b0, Dx5401-b0 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | |||||
| CVE-2023-28741 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2024-11-21 | N/A | 7.9 HIGH |
| Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28736 | 1 Mdadm Project | 1 Mdadm | 2024-11-21 | N/A | 5.7 MEDIUM |
| Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28544 | 1 Qualcomm | 412 Aqt1000, Aqt1000 Firmware, Ar9380 and 409 more | 2024-11-21 | N/A | 7.8 HIGH |
| Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. | |||||
| CVE-2023-27989 | 1 Zyxel | 8 Lte7480-m804, Lte7480-m804 Firmware, Lte7490-m904 and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | |||||
| CVE-2023-27590 | 1 Rizin | 1 Rizin | 2024-11-21 | N/A | 7.8 HIGH |
| Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands. | |||||