Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42782 | 2 Fedoraproject, Opensc Project | 2 Fedora, Opensc | 2023-06-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. | |||||
| CVE-2023-33626 | 1 Dlink | 2 Dir-600, Dir-600 Firmware | 2023-06-16 | N/A | 9.8 CRITICAL |
| D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. | |||||
| CVE-2023-24014 | 1 Deltaww | 1 Cncsoft-b | 2023-06-14 | N/A | 7.8 HIGH |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-48188 | 1 Lenovo | 54 Ideacentre 510s-07icb, Ideacentre 510s-07icb Firmware, Ideacentre 510s-07ick and 51 more | 2023-06-13 | N/A | 7.8 HIGH |
| A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code. | |||||
| CVE-2022-48181 | 1 Lenovo | 228 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 225 more | 2023-06-13 | N/A | 7.8 HIGH |
| An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. | |||||
| CVE-2023-1388 | 1 Trellix | 1 Agent | 2023-06-13 | N/A | 8.1 HIGH |
| A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. | |||||
| CVE-2022-41660 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-06-13 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2022-41664 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-06-13 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2022-39136 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-06-13 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2023-0054 | 1 Vim | 1 Vim | 2023-06-12 | N/A | 7.8 HIGH |
| Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. | |||||
| CVE-2018-1000140 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2023-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. | |||||
| CVE-2020-12861 | 3 Canonical, Opensuse, Sane-project | 3 Ubuntu Linux, Leap, Sane Backends | 2023-06-12 | 7.9 HIGH | 8.8 HIGH |
| A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | |||||
| CVE-2018-4249 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2023-06-12 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app. | |||||
| CVE-2023-32324 | 2 Debian, Openprinting | 2 Debian Linux, Cups | 2023-06-08 | N/A | 5.5 MEDIUM |
| OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication. | |||||
| CVE-2023-33975 | 1 Riot-os | 1 Riot | 2023-06-07 | N/A | 9.8 CRITICAL |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. This issue is fixed in pull request 19680. As a workaround, disable support for fragmented IP datagrams. | |||||
| CVE-2023-24817 | 1 Riot-os | 1 Riot | 2023-06-07 | N/A | 7.5 HIGH |
| RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack. | |||||
| CVE-2023-0341 | 1 Editorconfig | 1 Editorconfig | 2023-06-03 | N/A | 7.8 HIGH |
| A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer. | |||||
| CVE-2023-25537 | 1 Dell | 60 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 57 more | 2023-05-30 | N/A | 7.8 HIGH |
| Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege. | |||||
| CVE-2022-36191 | 1 Gpac | 1 Gpac | 2023-05-27 | N/A | 5.5 MEDIUM |
| A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242. | |||||
| CVE-2022-38530 | 1 Gpac | 1 Gpac | 2023-05-27 | N/A | 7.8 HIGH |
| GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD. | |||||