Vulnerabilities (CVE)

Filtered by CWE-20
Total 11596 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33100 1 Qualcomm 100 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 97 more 2026-06-17 N/A 7.5 HIGH
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.
CVE-2023-33099 1 Qualcomm 208 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 205 more 2026-06-17 N/A 7.5 HIGH
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.
CVE-2023-33057 1 Qualcomm 202 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 199 more 2026-06-17 N/A 7.5 HIGH
Transient DOS in Multi-Mode Call Processor while processing UE policy container.
CVE-2023-33042 1 Qualcomm 148 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 145 more 2026-06-17 N/A 7.5 HIGH
Transient DOS in Modem after RRC Setup message is received.
CVE-2023-33014 1 Qualcomm 74 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 71 more 2026-06-17 N/A 7.6 HIGH
Information disclosure in Core services while processing a Diag command.
CVE-2023-32890 1 Mediatek 45 Lr13, Mt2735, Mt6779 and 42 more 2026-06-17 N/A 7.5 HIGH
In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963).
CVE-2023-32827 2 Google, Mediatek 35 Android, Mt6879, Mt6886 and 32 more 2026-06-17 N/A 6.7 MEDIUM
In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.
CVE-2023-32826 2 Google, Mediatek 35 Android, Mt6879, Mt6886 and 32 more 2026-06-17 N/A 6.7 MEDIUM
In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.
CVE-2023-32820 4 Google, Linux, Linuxfoundation and 1 more 43 Android, Linux Kernel, Yocto and 40 more 2026-06-17 N/A 7.5 HIGH
In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637.
CVE-2023-32811 3 Google, Linuxfoundation, Mediatek 21 Android, Yocto, Iot Yocto and 18 more 2026-06-17 N/A 6.7 MEDIUM
In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.
CVE-2023-32727 1 Zabbix 1 Zabbix Server 2026-06-17 N/A 6.8 MEDIUM
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.
CVE-2023-32688 1 Parseplatform 1 Parse Server Push Adapter 2026-06-17 N/A 4.9 MEDIUM
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
CVE-2023-32649 1 Nozominetworks 2 Cmc, Guardian 2026-06-17 N/A 7.5 HIGH
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.
CVE-2023-32560 1 Ivanti 1 Avalanche 2026-06-17 N/A 9.8 CRITICAL
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
CVE-2023-32485 1 Dell 1 Smartfabric Storage Software 2026-06-17 N/A 9.8 CRITICAL
Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.
CVE-2023-32484 1 Dell 1 Enterprise Sonic Distribution 2026-06-17 N/A 9.8 CRITICAL
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.
CVE-2023-32480 1 Dell 62 Alienware M15 R7, Alienware M15 R7 Firmware, G15 5510 and 59 more 2026-06-17 N/A 6.8 MEDIUM
Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.
CVE-2023-32469 1 Dell 6 Precision 5820, Precision 5820 Firmware, Precision 7820 and 3 more 2026-06-17 N/A 7.5 HIGH
Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.
CVE-2023-32462 1 Dell 1 Smartfabric Os10 2026-06-17 N/A 9.8 CRITICAL
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.
CVE-2023-32323 1 Matrix 1 Synapse 2026-06-17 N/A 5.0 MEDIUM
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.