Total
192 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6780 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Glibc, Enterprise Linux | 2025-02-07 | 5.3 Medium |
| An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. | ||||
| CVE-2023-24819 | 1 Riot-os | 1 Riot | 2025-02-04 | 9.8 Critical |
| RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | ||||
| CVE-2023-2687 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-08 | 2.9 Low |
| Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | ||||
| CVE-2024-8361 | 2025-01-08 | 7.5 High | ||
| In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not implemented, device can be recovered only after a hard reset | ||||
| CVE-2017-13315 | 2 F5, Google | 2 Access For Android, Android | 2024-12-18 | 7.8 High |
| In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-5000 | 2024-11-21 | 7.5 High | ||
| An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. | ||||
| CVE-2024-45287 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.1 Critical |
| A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. | ||||
| CVE-2024-28052 | 2 Level1, Levelone | 3 Wbr-6012, Wbr-6012 Firmware, Wbr-6012 | 2024-11-21 | 5.3 Medium |
| The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities. | ||||
| CVE-2024-23622 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 10 Critical |
| A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. | ||||
| CVE-2024-23621 | 1 Ibm | 1 Merge Efilm Workstation | 2024-11-21 | 10 Critical |
| A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | ||||
| CVE-2023-6387 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 7.5 High |
| A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | ||||
| CVE-2023-52558 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.5 High |
| In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences. | ||||
| CVE-2023-52557 | 2024-11-21 | 7.5 High | ||
| In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length. | ||||
| CVE-2023-51257 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 7.8 High |
| An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. | ||||
| CVE-2023-50736 | 2024-11-21 | 9 Critical | ||
| A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | ||||
| CVE-2023-30575 | 1 Apache | 1 Guacamole | 2024-11-21 | 6.5 Medium |
| Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data. | ||||
| CVE-2023-20798 | 2 Google, Mediatek | 12 Android, Mt2713, Mt6855 and 9 more | 2024-11-21 | 4.4 Medium |
| In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076. | ||||
| CVE-2022-33211 | 1 Qualcomm | 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more | 2024-11-21 | 9.8 Critical |
| memory corruption in modem due to improper check while calculating size of serialized CoAP message | ||||
| CVE-2022-31630 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. | ||||
| CVE-2022-2873 | 5 Debian, Fedoraproject, Linux and 2 more | 16 Debian Linux, Fedora, Linux Kernel and 13 more | 2024-11-21 | 5.5 Medium |
| An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | ||||