Total
3292 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27585 | 1 Teluu | 1 Pjsip | 2024-11-21 | N/A | 7.5 HIGH |
| PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead. | |||||
| CVE-2023-26966 | 1 Libtiff | 1 Libtiff | 2024-11-21 | N/A | 5.5 MEDIUM |
| libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. | |||||
| CVE-2023-26930 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.” | |||||
| CVE-2023-26924 | 1 Llvm | 1 Llvm | 2024-11-21 | N/A | 5.5 MEDIUM |
| LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior." | |||||
| CVE-2023-26769 | 1 Liblouis | 1 Liblouis | 2024-11-21 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. | |||||
| CVE-2023-26767 | 1 Liblouis | 1 Liblouis | 2024-11-21 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. | |||||
| CVE-2023-26616 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. | |||||
| CVE-2023-26612 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. | |||||
| CVE-2023-26320 | 1 Mi | 2 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | |||||
| CVE-2023-26319 | 1 Mi | 2 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | |||||
| CVE-2023-26318 | 1 Mi | 2 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. | |||||
| CVE-2023-26110 | 1 Node-bluetooth Project | 1 Node-bluetooth | 2024-11-21 | N/A | 7.3 HIGH |
| All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. | |||||
| CVE-2023-26109 | 1 Node-bluetooth-serial-port Project | 1 Node-bluetooth-serial-port | 2024-11-21 | N/A | 7.3 HIGH |
| All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. | |||||
| CVE-2023-25664 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. | |||||
| CVE-2023-25642 | 1 Zte | 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. | |||||
| CVE-2023-25505 | 1 Nvidia | 2 Bmc, Dgx-1 | 2024-11-21 | N/A | 7.8 HIGH |
| NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. | |||||
| CVE-2023-25433 | 1 Libtiff | 1 Libtiff | 2024-11-21 | N/A | 5.5 MEDIUM |
| libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. | |||||
| CVE-2023-25076 | 1 Sniproxy Project | 1 Sniproxy | 2024-11-21 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-24809 | 1 Nethack | 1 Nethack | 2024-11-21 | N/A | 5.5 MEDIUM |
| NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds. | |||||
| CVE-2023-24584 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior. | |||||