Export limit exceeded: 23274 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346631 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21543 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5998 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.5 High |
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. | ||||
| CVE-2023-5944 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 7.8 High |
| Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file. | ||||
| CVE-2023-5908 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2024-11-21 | 9.1 Critical |
| KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. | ||||
| CVE-2023-5748 | 1 Synology | 1 Ssl Vpn Client | 2024-11-21 | 3.3 Low |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors. | ||||
| CVE-2023-5460 | 1 Deltaww | 1 Wplsoft | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5377 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. | ||||
| CVE-2023-5179 | 1 Opendesign | 1 Drawings Sdk | 2024-11-21 | 7.8 High |
| An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. | ||||
| CVE-2023-5130 | 1 Deltaww | 1 Wplsoft | 2024-11-21 | 8.2 High |
| A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution. | ||||
| CVE-2023-5075 | 1 Lenovo | 2 Ideapad Duet 3 10igl5, Ideapad Duet 3 10igl5 Firmware | 2024-11-21 | 6.7 Medium |
| A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. | ||||
| CVE-2023-5055 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.3 High |
| Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. | ||||
| CVE-2023-52309 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | 8.2 High |
| Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | ||||
| CVE-2023-52267 | 1 Hongliuliao | 1 Ehttp | 2024-11-21 | 7.5 High |
| ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. | ||||
| CVE-2023-52152 | 1 Cybergarage | 1 Mupnp For C | 2024-11-21 | 7.5 High |
| mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. | ||||
| CVE-2023-52103 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read. | ||||
| CVE-2023-51888 | 1 Ctan | 1 Mathtex | 2024-11-21 | 7.5 High |
| Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL. | ||||
| CVE-2023-51746 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-51434 | 1 Hihonor | 1 Magic Ui | 2024-11-21 | 9.3 Critical |
| Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. | ||||
| CVE-2023-51432 | 1 Hihonor | 1 Magic Ui | 2024-11-21 | 3.2 Low |
| Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. | ||||
| CVE-2023-50986 | 1 Tenda | 2 I29, I29 Firmware | 2024-11-21 | 8.8 High |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. | ||||
| CVE-2023-50713 | 1 Specklesystems | 1 Speckle Server | 2024-11-21 | 6.5 Medium |
| Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Token (PAT) with `token write` scope. When creating a new token an agent needs to authorise the request with an existing token (the 'requesting token'). The requesting token is required to have token write scope in order to generate new tokens. However, Speckle server was not verifying that other privileges granted to the new token were not in excess of the privileges of the requesting token. A malicious actor could use a token with only token write scope to subsequently generate further tokens with additional privileges. These privileges would only grant privileges up to the existing privileges of the user. This vulnerability cannot be used to escalate a user's privileges or grant privileges on behalf of other users. This has been patched as of version 2.17.6. All operators of Speckle servers should upgrade their server to version 2.17.6 or higher. Any users who authorized an application with 'token write' scope, or created a token in frontend-2 with `token write` scope should review existing tokens and permanently revoke any they do not recognize, revoke existing tokens and create new tokens, and review usage of their account for suspicious activity. No known workarounds for this issue exist. | ||||