Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50001 | 1 Tenda | 2 W30e, W30e Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. | |||||
| CVE-2023-49425 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . | |||||
| CVE-2023-49426 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. | |||||
| CVE-2023-49405 | 1 Tenda | 2 W30e, W30e Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. | |||||
| CVE-2023-49433 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. | |||||
| CVE-2023-49408 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. | |||||
| CVE-2023-49411 | 1 Tenda | 2 W30e, W30e Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. | |||||
| CVE-2023-49432 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. | |||||
| CVE-2023-49434 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList. | |||||
| CVE-2023-49430 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2023-12-09 | N/A | 9.8 CRITICAL |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. | |||||
| CVE-2023-42557 | 1 Samsung | 1 Android | 2023-12-08 | N/A | 6.7 MEDIUM |
| Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code. | |||||
| CVE-2023-42558 | 1 Samsung | 1 Android | 2023-12-08 | N/A | 7.8 HIGH |
| Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution. | |||||
| CVE-2023-42560 | 1 Samsung | 1 Android | 2023-12-08 | N/A | 7.8 HIGH |
| Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code. | |||||
| CVE-2023-42561 | 1 Samsung | 1 Android | 2023-12-08 | N/A | 6.8 MEDIUM |
| Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. | |||||
| CVE-2023-48697 | 1 Microsoft | 1 Azure Rtos Usbx | 2023-12-08 | N/A | 9.8 CRITICAL |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-42567 | 1 Samsung | 1 Android | 2023-12-08 | N/A | 7.8 HIGH |
| Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow. | |||||
| CVE-2023-48692 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2023-12-08 | N/A | 9.8 CRITICAL |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48691 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2023-12-08 | N/A | 9.8 CRITICAL |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-3138 | 2 Redhat, X.org | 2 Enterprise Linux, Libx11 | 2023-12-08 | N/A | 7.5 HIGH |
| A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. | |||||
| CVE-2023-42566 | 1 Samsung | 1 Android | 2023-12-08 | N/A | 7.8 HIGH |
| Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code. | |||||