Vulnerabilities (CVE)

Filtered by CWE-787
Total 14080 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20630 2 Google, Mediatek 25 Android, Mt6580, Mt6735 and 22 more 2026-06-17 N/A 6.7 MEDIUM
In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628505; Issue ID: ALPS07628505.
CVE-2023-20626 2 Google, Mediatek 27 Android, Mt6739, Mt6761 and 24 more 2026-06-17 N/A 6.7 MEDIUM
In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223.
CVE-2023-20615 2 Google, Mediatek 37 Android, Mt6739, Mt6761 and 34 more 2026-06-17 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629572; Issue ID: ALPS07629572.
CVE-2023-20614 2 Google, Mediatek 38 Android, Mt6739, Mt6761 and 35 more 2026-06-17 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615.
CVE-2023-20604 2 Google, Mediatek 27 Android, Mt6735, Mt6737 and 24 more 2026-06-17 N/A 6.7 MEDIUM
In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494067; Issue ID: ALPS07494067.
CVE-2023-20555 1 Amd 238 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 235 more 2026-06-17 N/A 7.8 HIGH
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
CVE-2023-20524 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2026-06-17 N/A 7.5 HIGH
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.
CVE-2023-20520 1 Amd 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more 2026-06-17 N/A 9.8 CRITICAL
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
CVE-2023-20513 2026-06-17 N/A 3.3 LOW
An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service.
CVE-2023-20250 1 Cisco 8 Rv110w, Rv110w Firmware, Rv130 and 5 more 2026-06-17 N/A 6.5 MEDIUM
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.
CVE-2023-20109 1 Cisco 2 Ios, Ios Xe 2026-06-17 N/A 6.6 MEDIUM
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details ["#details"] section of this advisory.
CVE-2023-20081 1 Cisco 304 1100-4g Integrated Services Router, 1100-4p Integrated Services Router, 1100-6g Integrated Services Router and 301 more 2026-06-17 N/A 6.8 MEDIUM
A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position.
CVE-2023-20079 1 Cisco 42 Ip Phone 6825, Ip Phone 6825 Firmware, Ip Phone 6841 and 39 more 2026-06-17 N/A 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20078 1 Cisco 34 Ip Phone 6825, Ip Phone 6825 Firmware, Ip Phone 6841 and 31 more 2026-06-17 N/A 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20032 3 Cisco, Clamav, Stormshield 5 Secure Endpoint, Secure Endpoint Private Cloud, Web Security Appliance and 2 more 2026-06-17 N/A 9.8 CRITICAL
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].
CVE-2023-1972 1 Gnu 1 Binutils 2026-06-17 N/A 6.5 MEDIUM
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
CVE-2023-1945 1 Mozilla 2 Firefox Esr, Thunderbird 2026-06-17 N/A 6.5 MEDIUM
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.
CVE-2023-1906 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2026-06-17 N/A 5.5 MEDIUM
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
CVE-2023-1901 1 Zephyrproject 1 Zephyr 2026-06-17 N/A 5.9 MEDIUM
The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
CVE-2023-1820 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2026-06-17 N/A 8.8 HIGH
Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)