Total
2432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25082 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables. | ||||
| CVE-2023-25081 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.2 High |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables. | ||||
| CVE-2023-24854 | 1 Qualcomm | 326 215, 215 Firmware, Ar8035 and 323 more | 2024-11-21 | 7.8 High |
| Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. | ||||
| CVE-2023-24018 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 8.8 High |
| A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2023-23902 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 9.8 Critical |
| A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-23781 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.1 Medium |
| A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. | ||||
| CVE-2023-23780 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.6 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests. | ||||
| CVE-2023-22363 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 6.5 Medium |
| A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2) | ||||
| CVE-2023-21632 | 1 Qualcomm | 50 Apq8064au, Apq8064au Firmware, Msm8996au and 47 more | 2024-11-21 | 8.4 High |
| Memory corruption in Automotive GPU while querying a gsl memory node. | ||||
| CVE-2023-21414 | 1 Axis | 35 A8207-ve Mk Ii, Axis Os, M3215 and 32 more | 2024-11-21 | 7.1 High |
| NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2023-20250 | 1 Cisco | 9 Rv110w, Rv110w Firmware, Rv130 and 6 more | 2024-11-21 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device. | ||||
| CVE-2023-20079 | 1 Cisco | 42 Ip Phone 6825, Ip Phone 6825 Firmware, Ip Phone 6841 and 39 more | 2024-11-21 | 9.8 Critical |
| Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2023-20078 | 1 Cisco | 34 Ip Phone 6825, Ip Phone 6825 Firmware, Ip Phone 6841 and 31 more | 2024-11-21 | 9.8 Critical |
| Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2023-1646 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0770 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 7.8 High |
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. | ||||
| CVE-2023-0426 | 1 Abb | 8 Ac700f, Ac700f Firmware, Ac900f and 5 more | 2024-11-21 | 8.6 High |
| ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019 , through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1. | ||||
| CVE-2023-0330 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 5.3 Medium |
| A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | ||||
| CVE-2022-48522 | 1 Perl | 1 Perl | 2024-11-21 | 9.8 Critical |
| In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. | ||||
| CVE-2022-47065 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2024-11-21 | 8.8 High |
| TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2022-41854 | 3 Fedoraproject, Redhat, Snakeyaml Project | 13 Fedora, Amq Clients, Camel Spring Boot and 10 more | 2024-11-21 | 5.8 Medium |
| Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | ||||