Total
2493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33976 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 7.5 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12. | |||||
| CVE-2023-33864 | 1 Renderdoc | 1 Renderdoc | 2024-11-21 | N/A | 9.8 CRITICAL |
| StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize. | |||||
| CVE-2023-33863 | 1 Renderdoc | 1 Renderdoc | 2024-11-21 | N/A | 9.8 CRITICAL |
| SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1. | |||||
| CVE-2023-33204 | 3 Debian, Fedoraproject, Sysstat Project | 3 Debian Linux, Fedora, Sysstat | 2024-11-21 | N/A | 7.8 HIGH |
| sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. | |||||
| CVE-2023-33107 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq8017 and 481 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | |||||
| CVE-2023-33038 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Memory corruption while receiving a message in Bus Socket Transport Server. | |||||
| CVE-2023-33032 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | |||||
| CVE-2023-33022 | 1 Qualcomm | 424 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq5053-aa and 421 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in HLOS while invoking IOCTL calls from user-space. | |||||
| CVE-2023-33018 | 1 Qualcomm | 526 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 523 more | 2024-11-21 | N/A | 7.8 HIGH |
| Memory corruption while using the UIM diag command to get the operators name. | |||||
| CVE-2023-32881 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080. | |||||
| CVE-2023-32829 | 3 Google, Linuxfoundation, Mediatek | 17 Android, Yocto, Iot Yocto and 14 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478. | |||||
| CVE-2023-32828 | 2 Google, Mediatek | 17 Android, Iot Yocto, Mt6771 and 14 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817. | |||||
| CVE-2023-32823 | 2 Google, Mediatek | 31 Android, Mt6580, Mt6739 and 28 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912966. | |||||
| CVE-2023-32650 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.0 HIGH |
| An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | |||||
| CVE-2023-32434 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | |||||
| CVE-2023-32307 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2024-11-21 | N/A | 7.5 HIGH |
| Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade. | |||||
| CVE-2023-32058 | 1 Vyperlang | 1 Vyper | 2024-11-21 | N/A | 7.5 HIGH |
| Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8. | |||||
| CVE-2023-32051 | 1 Microsoft | 5 Raw Image Extension, Windows 10 21h2, Windows 10 22h2 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| Raw Image Extension Remote Code Execution Vulnerability | |||||
| CVE-2023-31034 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | N/A | 6.6 MEDIUM |
| NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | |||||
| CVE-2023-30463 | 1 Altran | 1 Picotcp | 2024-11-21 | N/A | 7.5 HIGH |
| Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur. | |||||