Total
12333 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51084 | 1 Yavijava | 1 Yavijava | 2024-11-21 | N/A | 9.8 CRITICAL |
| hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. | |||||
| CVE-2023-51080 | 1 Hutool | 1 Hutool | 2024-11-21 | N/A | 7.5 HIGH |
| The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. | |||||
| CVE-2023-50992 | 1 Tenda | 2 I29, I29 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. | |||||
| CVE-2023-50990 | 1 Tenda | 2 I29, I29 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. | |||||
| CVE-2023-50988 | 1 Tenda | 2 I29, I29 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. | |||||
| CVE-2023-50987 | 1 Tenda | 2 I29, I29 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. | |||||
| CVE-2023-50986 | 1 Tenda | 2 I29, I29 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. | |||||
| CVE-2023-50985 | 1 Tenda | 2 I29, I29 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. | |||||
| CVE-2023-50984 | 1 Tenda | 2 I29, I29 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. | |||||
| CVE-2023-50965 | 1 Starnight | 1 Micro Http Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI. | |||||
| CVE-2023-50711 | 1 Rust-vmm | 1 Vmm-sys-util | 2024-11-21 | N/A | 5.7 MEDIUM |
| vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code. | |||||
| CVE-2023-50572 | 1 Jline | 1 Jline | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. | |||||
| CVE-2023-50330 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2023-50268 | 1 Jqlang | 1 Jq | 2024-11-21 | N/A | 6.2 MEDIUM |
| jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue. | |||||
| CVE-2023-50244 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | N/A | 7.2 HIGH |
| Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter. | |||||
| CVE-2023-50243 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | N/A | 7.2 HIGH |
| Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter. | |||||
| CVE-2023-50240 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | N/A | 7.2 HIGH |
| Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter. | |||||
| CVE-2023-50239 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-11-21 | N/A | 7.2 HIGH |
| Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter. | |||||
| CVE-2023-50227 | 2024-11-21 | N/A | 8.3 HIGH | ||
| Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a malicious file. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the hypervisor. . Was ZDI-CAN-21260. | |||||
| CVE-2023-50002 | 1 Tenda | 2 W30e, W30e Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. | |||||