Total
12281 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34416 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-02-13 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | |||||
| CVE-2023-31419 | 1 Elastic | 1 Elasticsearch | 2025-02-13 | N/A | 6.5 MEDIUM |
| A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. | |||||
| CVE-2023-31130 | 3 C-ares Project, Debian, Fedoraproject | 3 C-ares, Debian Linux, Fedora | 2025-02-13 | N/A | 4.1 MEDIUM |
| c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | |||||
| CVE-2023-21255 | 2 Debian, Google | 2 Debian Linux, Android | 2025-02-13 | N/A | 7.8 HIGH |
| In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-34671 | 1 Nvidia | 7 Geforce, Gpu Display Driver, Nvs and 4 more | 2025-02-13 | N/A | 8.5 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service. | |||||
| CVE-2020-23258 | 1 Jsish | 1 Jsish | 2025-02-13 | N/A | 7.5 HIGH |
| An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. | |||||
| CVE-2006-20001 | 1 Apache | 1 Http Server | 2025-02-13 | N/A | 7.5 HIGH |
| A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. | |||||
| CVE-2021-30761 | 1 Apple | 1 Iphone Os | 2025-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2023-26976 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-02-13 | N/A | 7.5 HIGH |
| Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | |||||
| CVE-2023-20653 | 2 Google, Mediatek | 60 Android, Mt6580, Mt6731 and 57 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144. | |||||
| CVE-2023-20652 | 2 Google, Mediatek | 60 Android, Mt6580, Mt6731 and 57 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135. | |||||
| CVE-2023-25212 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-25211 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-25210 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24800 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24799 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24798 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-24797 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
| D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
| CVE-2023-20670 | 2 Google, Mediatek | 46 Android, Mt2715, Mt6580 and 43 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710. | |||||
| CVE-2023-20666 | 2 Google, Mediatek | 11 Android, Mt6789, Mt6855 and 8 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173. | |||||