Total
14128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22670 | 1 Opendesign | 1 Drawings Sdk | 2026-06-17 | N/A | 7.8 HIGH |
| A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2023-22669 | 1 Opendesign | 1 Drawings Sdk | 2026-06-17 | N/A | 7.8 HIGH |
| Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2023-22666 | 1 Qualcomm | 344 Apq8009, Apq8009 Firmware, Apq8017 and 341 more | 2026-06-17 | N/A | 8.4 HIGH |
| Memory Corruption in Audio while playing amrwbplus clips with modified content. | |||||
| CVE-2023-22640 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-06-17 | N/A | 7.5 HIGH |
| A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. | |||||
| CVE-2023-22639 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-06-17 | N/A | 6.7 MEDIUM |
| A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands. | |||||
| CVE-2023-22615 | 1 Insyde | 1 Insydeh2o | 2026-06-17 | N/A | 8.4 HIGH |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM. | |||||
| CVE-2023-22614 | 1 Insyde | 1 Insydeh2o | 2026-06-17 | N/A | 8.8 HIGH |
| An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler. | |||||
| CVE-2023-22613 | 1 Insyde | 1 Insydeh2o | 2026-06-17 | N/A | 8.8 HIGH |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. | |||||
| CVE-2023-22612 | 1 Insyde | 1 Insydeh2o | 2026-06-17 | N/A | 8.8 HIGH |
| An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM. | |||||
| CVE-2023-22442 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2026-06-17 | N/A | 7.9 HIGH |
| Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2023-22435 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. | |||||
| CVE-2023-22415 | 1 Juniper | 46 Junos, Mx10, Mx10000 and 43 more | 2026-06-17 | N/A | 7.5 HIGH |
| An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2. | |||||
| CVE-2023-22411 | 1 Juniper | 29 Junos, Srx100, Srx110 and 26 more | 2026-06-17 | N/A | 7.5 HIGH |
| An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message, the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. | |||||
| CVE-2023-22404 | 1 Juniper | 46 Junos, Mx10, Mx10000 and 43 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel will not come up when a peer sends a specifically formatted payload during the negotiation. This will impact other IKE negotiations happening at the same time. Continued receipt of this specifically formatted payload will lead to continuous crashing of iked and thereby the inability for any IKE negotiations to take place. Note that this payload is only processed after the authentication has successfully completed. So the issue can only be exploited by an attacker who can successfully authenticate. This issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2. | |||||
| CVE-2023-22388 | 1 Qualcomm | 458 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 455 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Memory Corruption in Multi-mode Call Processor while processing bit mask API. | |||||
| CVE-2023-22386 | 1 Qualcomm | 402 215, 215 Firmware, Ar8035 and 399 more | 2026-06-17 | N/A | 7.8 HIGH |
| Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. | |||||
| CVE-2023-22385 | 1 Qualcomm | 482 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 479 more | 2026-06-17 | N/A | 8.2 HIGH |
| Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | |||||
| CVE-2023-22384 | 1 Qualcomm | 18 Qca6574au, Qca6574au Firmware, Qca6696 and 15 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ). | |||||
| CVE-2023-22383 | 1 Qualcomm | 118 Aqt1000, Aqt1000 Firmware, C-v2x 9150 and 115 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Memory Corruption in camera while installing a fd for a particular DMA buffer. | |||||
| CVE-2023-22363 | 1 Gallagher | 1 Command Centre | 2026-06-17 | N/A | 6.5 MEDIUM |
| A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2) | |||||
