Total: 11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20894 | 1 Vmware | 1 Vcenter Server | 2023-07-13 | N/A | 9.8 CRITICAL |
| The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write by sending a specially crafted packet, leading to memory corruption. | |||||
| CVE-2023-20895 | 1 Vmware | 1 Vcenter Server | 2023-07-13 | N/A | 9.8 CRITICAL |
| The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | |||||
| CVE-2023-20892 | 1 Vmware | 1 Vcenter Server | 2023-07-13 | N/A | 9.8 CRITICAL |
| The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit the heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | |||||
| CVE-2023-37710 | 1 Tenda | 4 Ac10, Ac10 Firmware, Ac1206 and 1 more | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | |||||
| CVE-2023-37711 | 1 Tenda | 4 Ac10, Ac10 Firmware, Ac1206 and 1 more | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function. | |||||
| CVE-2023-37706 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function. | |||||
| CVE-2023-37705 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. | |||||
| CVE-2023-37702 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function. | |||||
| CVE-2023-37707 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. | |||||
| CVE-2023-37704 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. | |||||
| CVE-2023-37703 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | |||||
| CVE-2023-37701 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | |||||
| CVE-2023-37700 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2023-07-13 | N/A | 9.8 CRITICAL |
| Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | |||||
| CVE-2023-37211 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-07-12 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||||
| CVE-2022-23432 | 2 Google, Samsung | 2 Android, Exynos | 2023-07-11 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2022-26781 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2023-07-11 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-26782 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2023-07-11 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-2598 | 2 Debian, Vim | 2 Debian Linux, Vim | 2023-07-11 | N/A | 5.5 MEDIUM |
| Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. | |||||
| CVE-2022-41185 | 1 Sap | 1 3d Visual Enterprise Author | 2023-07-10 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
| CVE-2022-41193 | 1 Sap | 1 3d Visual Enterprise Viewer | 2023-07-10 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
