Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35055 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function. | |||||
| CVE-2023-35012 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763. | |||||
| CVE-2023-34426 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-34365 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-34306 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-18908. | |||||
| CVE-2023-34287 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17892. | |||||
| CVE-2023-33028 | 1 Qualcomm | 352 Ar8035, Ar8035 Firmware, Ar9380 and 349 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | |||||
| CVE-2023-32973 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 3.8 LOW |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later | |||||
| CVE-2023-32972 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 3.8 LOW |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later | |||||
| CVE-2023-32971 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 3.8 LOW |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later | |||||
| CVE-2023-32149 | 2024-11-21 | N/A | 8.8 HIGH | ||
| D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19546. | |||||
| CVE-2023-31272 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-30900 | 1 Siemens | 1 Xpedition Layout Browser | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2023-2837 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 5.5 MEDIUM |
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. | |||||
| CVE-2023-2676 | 1 H3c | 2 Magic R160, Magic R160 Firmware | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Affected by this issue is some unknown functionality of the file /goForm/aspForm. The manipulation of the argument go leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-228890 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2262 | 1 Rockwellautomation | 66 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 63 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device. | |||||
| CVE-2023-29583 | 1 Yasm Project | 1 Yasm | 2024-11-21 | N/A | 5.5 MEDIUM |
| yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code. | |||||
| CVE-2023-29503 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | N/A | 7.8 HIGH |
| The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2023-28703 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service. | |||||
| CVE-2023-28538 | 1 Qualcomm | 260 Aqt1000, Aqt1000 Firmware, Csra6620 and 257 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. | |||||