Total
12110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6334 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2024-09-25 | N/A | 7.8 HIGH |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7. | |||||
| CVE-2023-3110 | 1 Silabs | 1 Unify Software Development Kit | 2024-09-25 | N/A | 8.8 HIGH |
| Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | |||||
| CVE-2023-3024 | 2 Qualcomm, Silabs | 9 Aqt1000, Csrb31024, Wcd9370 and 6 more | 2024-09-25 | N/A | 6.5 MEDIUM |
| Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | |||||
| CVE-2023-0972 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-09-25 | N/A | 8.8 HIGH |
| Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | |||||
| CVE-2023-0969 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-09-25 | N/A | 3.5 LOW |
| A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. | |||||
| CVE-2022-1778 | 1 Hitachienergy | 2 Microscada X Sys600, Sys600 | 2024-09-25 | N/A | 4.4 MEDIUM |
| Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* | |||||
| CVE-2023-44019 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function. | |||||
| CVE-2023-44018 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function. | |||||
| CVE-2023-44017 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | |||||
| CVE-2023-44016 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | |||||
| CVE-2023-44015 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function. | |||||
| CVE-2023-44014 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters. | |||||
| CVE-2023-44013 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2024-09-25 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function. | |||||
| CVE-2024-45809 | 1 Envoyproxy | 1 Envoy | 2024-09-24 | N/A | 7.5 HIGH |
| Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in JWT filter, e.g. header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions are met, a crash is triggered in the upstream code due to nullptr reference conversion from route(). The root cause is the ordering of continueDecoding and clearRouteCache. This issue has been addressed in versions 1.31.2, 1.30.6, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-45810 | 1 Envoyproxy | 1 Envoy | 2024-09-24 | N/A | 7.5 HIGH |
| Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. There will be problems that the stream decoder is destroyed but its reference is called in `router.onDestroy()`, causing segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed, and request mirrorring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-27879 | 2024-09-20 | N/A | 7.5 HIGH | ||
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination. | |||||
| CVE-2023-28601 | 2024-09-19 | N/A | 6.5 MEDIUM | ||
| Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client. | |||||
| CVE-2024-45181 | 2 Microsoft, Wibu | 2 Windows, Wibukey | 2024-09-18 | N/A | 7.8 HIGH |
| An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption. | |||||
| CVE-2022-32455 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-09-17 | N/A | 7.5 HIGH |
| In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-40661 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-09-16 | N/A | 6.4 MEDIUM |
| Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment. | |||||