Search
Total
994 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45863 | 1 Linux | 1 Linux Kernel | 2024-01-11 | N/A | 6.4 MEDIUM |
| An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. | |||||
| CVE-2023-38858 | 1 Faad2 Project | 1 Faad2 | 2024-01-10 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039. | |||||
| CVE-2023-38857 | 1 Faad2 Project | 1 Faad2 | 2024-01-10 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. | |||||
| CVE-2023-49991 | 1 Espeak-ng | 1 Espeak-ng | 2024-01-10 | N/A | 5.3 MEDIUM |
| Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c. | |||||
| CVE-2023-49992 | 1 Espeak-ng | 1 Espeak-ng | 2024-01-10 | N/A | 5.3 MEDIUM |
| Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c. | |||||
| CVE-2023-6992 | 1 Cloudflare | 1 Zlib | 2024-01-10 | N/A | 5.5 MEDIUM |
| Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected. | |||||
| CVE-2023-30774 | 2 Apple, Libtiff | 2 Macos, Libtiff | 2024-01-09 | N/A | 5.5 MEDIUM |
| A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | |||||
| CVE-2023-6693 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-01-08 | N/A | 5.3 MEDIUM |
| A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. | |||||
| CVE-2023-50572 | 1 Jline | 1 Jline | 2024-01-05 | N/A | 5.5 MEDIUM |
| An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. | |||||
| CVE-2023-32891 | 2 Google, Mediatek | 46 Android, Lr13, Mt2735 and 43 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559. | |||||
| CVE-2023-32883 | 2 Google, Mediatek | 57 Android, Mt2713, Mt6580 and 54 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249. | |||||
| CVE-2023-32879 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064. | |||||
| CVE-2023-32882 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616. | |||||
| CVE-2023-32877 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. | |||||
| CVE-2023-32872 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607. | |||||
| CVE-2020-1483 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-01-04 | 9.3 HIGH | 5.0 MEDIUM |
| <p>A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.</p> <p>The security update addresses the vulnerability by correcting how Outlook handles objects in memory.</p> | |||||
| CVE-2020-1379 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 6.8 MEDIUM | 5.5 MEDIUM |
| <p>A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.</p> | |||||
| CVE-2023-4255 | 2 Fedoraproject, Tats | 3 Extra Packages For Enterprise Linux, Fedora, W3m | 2024-01-03 | N/A | 5.5 MEDIUM |
| An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. | |||||
| CVE-2020-1172 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2023-12-31 | 7.6 HIGH | 4.2 MEDIUM |
| <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p> | |||||
| CVE-2020-0878 | 1 Microsoft | 11 Chakracore, Edge, Internet Explorer and 8 more | 2023-12-31 | 5.1 MEDIUM | 4.2 MEDIUM |
| <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p> | |||||
| CVE-2020-16884 | 1 Microsoft | 1 Edge | 2023-12-31 | 6.8 MEDIUM | 4.2 MEDIUM |
| <p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the IEToEdge BHO plug-in handles objects in memory.</p> | |||||
| CVE-2020-1057 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2023-12-31 | 9.3 HIGH | 4.2 MEDIUM |
| <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p> | |||||
| CVE-2020-1180 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2023-12-31 | 7.6 HIGH | 4.2 MEDIUM |
| <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p> | |||||
| CVE-2020-17054 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2023-12-31 | 7.6 HIGH | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2020-17048 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2023-12-31 | 6.8 MEDIUM | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2020-17131 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2023-12-31 | 5.1 MEDIUM | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2023-6228 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2023-12-29 | N/A | 5.5 MEDIUM |
| An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. | |||||
| CVE-2023-4154 | 1 Samba | 1 Samba | 2023-12-29 | N/A | 6.5 MEDIUM |
| A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence. | |||||
| CVE-2021-34448 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 9.3 HIGH | 6.8 MEDIUM |
| Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2021-34480 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 6.8 MEDIUM | 6.8 MEDIUM |
| Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2021-42279 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 5.1 MEDIUM | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2023-4042 | 2 Artifex, Redhat | 9 Ghostscript, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 6 more | 2023-12-27 | N/A | 5.5 MEDIUM |
| A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. | |||||
| CVE-2023-1801 | 1 Tcpdump | 1 Tcpdump | 2023-12-23 | N/A | 6.5 MEDIUM |
| The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. | |||||
| CVE-2022-26475 | 3 Google, Linuxfoundation, Mediatek | 42 Android, Yocto, Mt6761 and 39 more | 2023-12-22 | N/A | 6.7 MEDIUM |
| In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. | |||||
| CVE-2023-1729 | 3 Fedoraproject, Libraw, Redhat | 3 Fedora, Libraw, Enterprise Linux | 2023-12-22 | N/A | 6.5 MEDIUM |
| A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. | |||||
| CVE-2020-18773 | 1 Exiv2 | 1 Exiv2 | 2023-12-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | |||||
| CVE-2021-3634 | 6 Debian, Fedoraproject, Libssh and 3 more | 7 Debian Linux, Fedora, Libssh and 4 more | 2023-12-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange. | |||||
| CVE-2023-3164 | 2 Fossies, Redhat | 2 Gawk, Enterprise Linux | 2023-12-20 | N/A | 5.5 MEDIUM |
| A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. | |||||
| CVE-2023-50268 | 1 Jqlang | 1 Jq | 2023-12-19 | N/A | 5.5 MEDIUM |
| jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue. | |||||
| CVE-2023-50246 | 1 Jqlang | 1 Jq | 2023-12-19 | N/A | 5.5 MEDIUM |
| jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue. | |||||
| CVE-2023-43122 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2023-12-15 | N/A | 4.6 MEDIUM |
| Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader. | |||||
| CVE-2020-19190 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2023-12-13 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
| CVE-2020-19186 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2023-12-13 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
| CVE-2020-19189 | 3 Debian, Gnu, Netapp | 3 Debian Linux, Ncurses, Active Iq Unified Manager | 2023-12-13 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
| CVE-2020-19185 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2023-12-13 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
| CVE-2020-19188 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2023-12-13 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
| CVE-2020-19187 | 2 Gnu, Netapp | 2 Ncurses, Active Iq Unified Manager | 2023-12-13 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||||
| CVE-2023-28527 | 1 Ibm | 2 Informix Dynamic Server, Informix Dynamic Server On Cloud Pak For Data | 2023-12-12 | N/A | 5.5 MEDIUM |
| IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206. | |||||
| CVE-2023-28526 | 1 Ibm | 2 Informix Dynamic Server, Informix Dynamic Server On Cloud Pak For Data | 2023-12-12 | N/A | 5.5 MEDIUM |
| IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204. | |||||
| CVE-2023-42557 | 1 Samsung | 1 Android | 2023-12-08 | N/A | 6.7 MEDIUM |
| Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code. | |||||