Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28379 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2023-11-17 | N/A | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-27882 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2023-11-17 | N/A | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-25181 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2023-11-17 | N/A | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2021-41160 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2023-11-17 | 6.8 MEDIUM | 8.8 HIGH |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1. | |||||
| CVE-2023-28391 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2023-11-17 | N/A | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-31247 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2023-11-17 | N/A | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-24585 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2023-11-17 | N/A | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-43886 | 1 Tenda | 2 Rx9 Pro, Rx9 Pro Firmware | 2023-11-16 | N/A | 7.1 HIGH |
| A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory. | |||||
| CVE-2022-34245 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-11-15 | N/A | 7.8 HIGH |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34247 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-11-15 | N/A | 7.8 HIGH |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34251 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2023-11-15 | N/A | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34260 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-11-15 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-35700 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-11-15 | N/A | 7.8 HIGH |
| Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-35701 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-11-15 | N/A | 7.8 HIGH |
| Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-35699 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-11-15 | N/A | 7.8 HIGH |
| Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-31837 | 1 Mcafee | 1 Getsusp | 2023-11-15 | 6.1 MEDIUM | 7.8 HIGH |
| Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD. | |||||
| CVE-2023-41111 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2023-11-14 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. | |||||
| CVE-2023-46761 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-14 | N/A | 7.5 HIGH |
| Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | |||||
| CVE-2023-47249 | 1 Color | 1 Demoiccmax | 2023-11-14 | N/A | 6.5 MEDIUM |
| In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read. | |||||
| CVE-2023-42535 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 7.8 HIGH |
| Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | |||||