Total
3765 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26319 | 2 Mi, Xiaomi | 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router | 2024-11-21 | 6.7 Medium |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | ||||
| CVE-2023-26318 | 2 Mi, Xiaomi | 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router | 2024-11-21 | 6.7 Medium |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. | ||||
| CVE-2023-25642 | 1 Zte | 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more | 2024-11-21 | 5.9 Medium |
| There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. | ||||
| CVE-2023-24851 | 1 Qualcomm | 382 Ar8035, Ar8035 Firmware, Csr8811 and 379 more | 2024-11-21 | 7.8 High |
| Memory Corruption in WLAN HOST while parsing QMI response message from firmware. | ||||
| CVE-2023-24548 | 1 Arista | 44 7280cr3-32d4, 7280cr3-32p4, 7280cr3-36s and 41 more | 2024-11-21 | 5.3 Medium |
| On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place. | ||||
| CVE-2023-24294 | 1 Zumtobel | 2 Netlink Ccd, Netlink Ccd Firmware | 2024-11-21 | 7.5 High |
| Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification. | ||||
| CVE-2023-23513 | 1 Apple | 1 Macos | 2024-11-21 | 9.8 Critical |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. | ||||
| CVE-2023-23364 | 1 Qnap | 1 Multimedia Console | 2024-11-21 | 8.1 High |
| A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later Multimedia Console 1.4.7 ( 2023/03/20 ) and later | ||||
| CVE-2023-23363 | 1 Qnap | 1 Qts | 2024-11-21 | 8.1 High |
| A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later | ||||
| CVE-2023-22386 | 1 Qualcomm | 402 215, 215 Firmware, Ar8035 and 399 more | 2024-11-21 | 7.8 High |
| Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. | ||||
| CVE-2023-21649 | 1 Qualcomm | 130 Apq8096au, Apq8096au Firmware, Aqt1000 and 127 more | 2024-11-21 | 6.7 Medium |
| Memory corruption in WLAN while running doDriverCmd for an unspecific command. | ||||
| CVE-2023-21639 | 1 Qualcomm | 44 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 41 more | 2024-11-21 | 6.7 Medium |
| Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. | ||||
| CVE-2023-21635 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Csrb31024 and 95 more | 2024-11-21 | 6.7 Medium |
| Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. | ||||
| CVE-2023-21406 | 1 Axis | 2 A1001, A1001 Firmware | 2024-11-21 | 7.1 High |
| Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code. lease refer to the Axis security advisory for more information, mitigation and affected products and software versions. | ||||
| CVE-2023-21243 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-20189 | 1 Cisco | 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more | 2024-11-21 | 8.6 High |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2023-20168 | 1 Cisco | 84 Mds 9000, Mds 9100, Mds 9132t and 81 more | 2024-11-21 | 7.1 High |
| A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. | ||||
| CVE-2023-20162 | 1 Cisco | 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more | 2024-11-21 | 8.6 High |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2023-20161 | 1 Cisco | 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more | 2024-11-21 | 8.6 High |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2023-20160 | 1 Cisco | 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more | 2024-11-21 | 8.6 High |
| Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | ||||