Total
1850 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42790 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 8.1 HIGH |
| A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2023-42463 | 1 Wazuh | 1 Wazuh | 2024-11-21 | N/A | 7.4 HIGH |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3. | |||||
| CVE-2023-41280 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 5.5 MEDIUM |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2023-41279 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 5.5 MEDIUM |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2023-41278 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 5.5 MEDIUM |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2023-41277 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 5.5 MEDIUM |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2023-41251 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2023-3943 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. | |||||
| CVE-2023-3043 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 9.6 CRITICAL |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-39281 | 3 Amd, Insyde, Intel | 279 Athlon Gold 7220u, Athlon Silver 7120u, Ryzen3 5300u and 276 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. | |||||
| CVE-2023-38070 | 1 Siemens | 3 Jt2go, Teamcenter Visualization, Tecnomatix Plant Simulation | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818) | |||||
| CVE-2023-37296 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 8.3 HIGH |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-37293 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 9.6 CRITICAL |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2023-36950 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. | |||||
| CVE-2023-36947 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. | |||||
| CVE-2023-36729 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
| Named Pipe File System Elevation of Privilege Vulnerability | |||||
| CVE-2023-36006 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-35704 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32WithSkip function. | |||||
| CVE-2023-35703 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint64 function. | |||||
| CVE-2023-35702 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32 function. | |||||