Export limit exceeded: 21579 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21579 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42095 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-21 | 3.3 Low |
| Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21879. | ||||
| CVE-2023-42090 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-21 | 7.1 High |
| Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596. | ||||
| CVE-2023-41967 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2024-11-21 | 2.4 Low |
| Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier. | ||||
| CVE-2023-41910 | 2 Lldpd Project, Redhat | 2 Lldpd, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. | ||||
| CVE-2023-41712 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | 6.5 Medium |
| SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. | ||||
| CVE-2023-41711 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2024-11-21 | 6.5 Medium |
| SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash. | ||||
| CVE-2023-41361 | 2 Debian, Frrouting | 2 Debian Linux, Frrouting | 2024-11-21 | 9.8 Critical |
| An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. | ||||
| CVE-2023-41360 | 4 Debian, Fedoraproject, Frrouting and 1 more | 4 Debian Linux, Fedora, Frrouting and 1 more | 2024-11-21 | 9.1 Critical |
| An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. | ||||
| CVE-2023-41359 | 3 Fedoraproject, Frrouting, Redhat | 3 Fedora, Frrouting, Enterprise Linux | 2024-11-21 | 9.1 Critical |
| An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation. | ||||
| CVE-2023-41299 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | ||||
| CVE-2023-41280 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.5 Medium |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-41279 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.5 Medium |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-41278 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.5 Medium |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-41273 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.5 Medium |
| A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-41252 | 1 Intel | 1 Quickassist Technology Driver | 2024-11-21 | 6.5 Medium |
| Out-of-bounds read in some Intel(R) QAT software drivers for Windows before version QAT1.7-W-1.11.0 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-41140 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2024-11-21 | 7.8 High |
| A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2023-41112 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2024-11-21 | 7.1 High |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. | ||||
| CVE-2023-41028 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 9 Critical |
| A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root. | ||||
| CVE-2023-40998 | 1 O-ran-sc | 1 Ric Message Router | 2024-11-21 | 7.5 High |
| Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. | ||||
| CVE-2023-40997 | 1 O-ran-sc | 1 Ric Message Router | 2024-11-21 | 7.5 High |
| Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. | ||||