Total
13590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40052 | 1 Progress | 2 Openedge, Openedge Innovation | 2024-11-21 | 7.5 High |
| This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests. | ||||
| CVE-2023-3953 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2024-11-21 | 5.3 Medium |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. | ||||
| CVE-2023-3471 | 1 Panasonic | 1 Kw Watcher | 2024-11-21 | 8.6 High |
| Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. | ||||
| CVE-2023-3261 | 2 Cyberpower, Dataprobe | 45 Powerpanel Server, Iboot-pdu4-c20, Iboot-pdu4-c20 Firmware and 42 more | 2024-11-21 | 7.5 High |
| The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server. | ||||
| CVE-2023-3138 | 2 Redhat, X.org | 3 Enterprise Linux, Rhel Eus, Libx11 | 2024-11-21 | 7.5 High |
| A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. | ||||
| CVE-2023-3024 | 2 Qualcomm, Silabs | 9 Aqt1000, Csrb31024, Wcd9370 and 6 more | 2024-11-21 | 5.9 Medium |
| Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | ||||
| CVE-2023-39984 | 1 Hitachi | 1 Eh-view | 2024-11-21 | 7.8 High |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclose information and execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-39976 | 2 Clusterlabs, Redhat | 3 Libqb, Enterprise Linux, Rhel Eus | 2024-11-21 | 9.8 Critical |
| log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. | ||||
| CVE-2023-39616 | 1 Aomedia | 1 Aomedia | 2024-11-21 | 7.5 High |
| AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. | ||||
| CVE-2023-39615 | 2 Redhat, Xmlsoft | 6 Enterprise Linux, Jboss Core Services, Openshift and 3 more | 2024-11-21 | 6.5 Medium |
| Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. | ||||
| CVE-2023-39130 | 1 Gnu | 1 Gdb | 2024-11-21 | 5.5 Medium |
| GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. | ||||
| CVE-2023-39128 | 1 Gnu | 1 Gdb | 2024-11-21 | 5.5 Medium |
| GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. | ||||
| CVE-2023-38668 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). | ||||
| CVE-2023-38667 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. | ||||
| CVE-2023-38406 | 2 Frrouting, Redhat | 3 Frrouting, Enterprise Linux, Rhel Eus | 2024-11-21 | 9.8 Critical |
| bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | ||||
| CVE-2023-36660 | 1 Nettle Project | 1 Nettle | 2024-11-21 | 9.8 Critical |
| The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. | ||||
| CVE-2023-35002 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-33867 | 1 Intel | 2 Realsense 450 Fa, Realsense 450 Fa Firmware | 2024-11-21 | 4.4 Medium |
| Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32656 | 1 Intel | 2 Realsense 450 Fa, Realsense 450 Fa Firmware | 2024-11-21 | 5.3 Medium |
| Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-31247 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 9 Critical |
| A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||