Vulnerabilities (CVE)

Filtered by CWE-787
Total 12418 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50984 1 Tenda 2 I29, I29 Firmware 2024-11-21 N/A 9.8 CRITICAL
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function.
CVE-2023-50965 1 Starnight 1 Micro Http Server 2024-11-21 N/A 9.8 CRITICAL
In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.
CVE-2023-50711 1 Rust-vmm 1 Vmm-sys-util 2024-11-21 N/A 5.7 MEDIUM
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code.
CVE-2023-50572 1 Jline 1 Jline 2024-11-21 N/A 5.5 MEDIUM
An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error.
CVE-2023-50330 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2024-11-21 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVE-2023-50268 1 Jqlang 1 Jq 2024-11-21 N/A 6.2 MEDIUM
jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.
CVE-2023-50244 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2024-11-21 N/A 7.2 HIGH
Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter.
CVE-2023-50243 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2024-11-21 N/A 7.2 HIGH
Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter.
CVE-2023-50240 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2024-11-21 N/A 7.2 HIGH
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter.
CVE-2023-50239 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2024-11-21 N/A 7.2 HIGH
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter.
CVE-2023-50002 1 Tenda 2 W30e, W30e Firmware 2024-11-21 N/A 9.8 CRITICAL
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
CVE-2023-50001 1 Tenda 2 W30e, W30e Firmware 2024-11-21 N/A 9.8 CRITICAL
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
CVE-2023-50000 1 Tenda 2 W30e, W30e Firmware 2024-11-21 N/A 9.8 CRITICAL
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
CVE-2023-4949 2 Gnu, Xen 2 Grub, Xen 2024-11-21 N/A 8.1 HIGH
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
CVE-2023-4756 1 Gpac 1 Gpac 2024-11-21 N/A 5.5 MEDIUM
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4754 1 Gpac 1 Gpac 2024-11-21 N/A 5.5 MEDIUM
Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4744 1 Tenda 2 Ac8, Ac8 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability.
CVE-2023-4738 2 Apple, Vim 2 Macos, Vim 2024-11-21 N/A 7.8 HIGH
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
CVE-2023-4735 2 Apple, Vim 2 Macos, Vim 2024-11-21 N/A 7.8 HIGH
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
CVE-2023-4692 2 Gnu, Redhat 2 Grub2, Enterprise Linux 2024-11-21 N/A 7.5 HIGH
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.