Vulnerabilities (CVE)

Filtered by CWE-120
Total 721 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6334 2 Hypr, Microsoft 2 Workforce Access, Windows 2024-11-21 N/A 5.3 MEDIUM
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.
CVE-2023-6238 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 N/A 6.7 MEDIUM
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.
CVE-2023-5139 1 Zephyrproject 1 Zephyr 2024-11-21 N/A 4.4 MEDIUM
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
CVE-2023-5075 1 Lenovo 2 Ideapad Duet 3 10igl5, Ideapad Duet 3 10igl5 Firmware 2024-11-21 N/A 6.7 MEDIUM
A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-50364 1 Qnap 2 Qts, Quts Hero 2024-11-21 N/A 6.4 MEDIUM
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
CVE-2023-50362 1 Qnap 2 Qts, Quts Hero 2024-11-21 N/A 5.0 MEDIUM
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
CVE-2023-50361 1 Qnap 2 Qts, Quts Hero 2024-11-21 N/A 5.0 MEDIUM
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
CVE-2023-4452 1 Moxa 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more 2024-11-21 N/A 6.5 MEDIUM
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.
CVE-2023-4397 1 Zyxel 16 Atp100, Atp100w, Atp200 and 13 more 2024-11-21 N/A 4.4 MEDIUM
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
CVE-2023-49993 1 Espeak-ng 1 Espeak-ng 2024-11-21 N/A 5.3 MEDIUM
Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.
CVE-2023-49990 1 Espeak-ng 1 Espeak-ng 2024-11-21 N/A 5.3 MEDIUM
Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.
CVE-2023-49700 1 Asrmicro 4 Asr1803, Asr1803 Firmware, Asr1806 and 1 more 2024-11-21 N/A 6.7 MEDIUM
Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large.
CVE-2023-47471 1 Struktur 1 Libde265 2024-11-21 N/A 6.5 MEDIUM
Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.
CVE-2023-47430 2024-11-21 N/A 6.5 MEDIUM
Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c.
CVE-2023-47217 1 Openatom 1 Openharmony 2024-11-21 N/A 4.0 MEDIUM
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow.
CVE-2023-46363 1 Jbig2enc Project 1 Jbig2enc 2024-11-21 N/A 5.5 MEDIUM
jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.
CVE-2023-46256 1 Dronecode 1 Px4 Drone Autopilot 2024-11-21 N/A 4.4 MEDIUM
PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.
CVE-2023-46001 1 Gpac 1 Gpac 2024-11-21 N/A 5.5 MEDIUM
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.
CVE-2023-43816 1 Deltaww 1 Dopsoft 2024-11-21 6.8 MEDIUM 6.3 MEDIUM
A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.
CVE-2023-43581 1 Lenovo 222 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 219 more 2024-11-21 N/A 6.7 MEDIUM
A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.