Export limit exceeded: 349929 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349929 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36482 | 1 Samsung | 10 S3nrn4v, S3nrn4v Firmware, S3nrn82 and 7 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart. | ||||
| CVE-2023-36481 | 1 Samsung | 27 Exynos, Exynos 1080, Exynos 1080 Firmware and 24 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop. | ||||
| CVE-2023-36327 | 1 Relic Project | 1 Relic | 2024-11-21 | 9.8 Critical |
| Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. | ||||
| CVE-2023-36326 | 1 Relic Project | 1 Relic | 2024-11-21 | 9.8 Critical |
| Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. | ||||
| CVE-2023-36321 | 1 Covesa | 1 Dlt-daemon | 2024-11-21 | 7.5 High |
| Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c. | ||||
| CVE-2023-36307 | 1 Simonwaldherr | 1 Zplgfa | 2024-11-21 | 5.5 Medium |
| ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence | ||||
| CVE-2023-36201 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. | ||||
| CVE-2023-36198 | 1 Skale | 1 Sgxwallet | 2024-11-21 | 7.5 High |
| Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function. | ||||
| CVE-2023-36187 | 1 Netgear | 30 Cbr40, Cbr40 Firmware, Lax20 and 27 more | 2024-11-21 | 9.8 Critical |
| Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. | ||||
| CVE-2023-36109 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 9.8 Critical |
| Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. | ||||
| CVE-2023-35982 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Instantos, Arba Access Points Running Instantos And Arubaos 10 | 2024-11-21 | 9.8 Critical |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-35981 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Instantos, Arba Access Points Running Instantos And Arubaos 10 | 2024-11-21 | 9.8 Critical |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-35980 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Instantos, Arba Access Points Running Instantos And Arubaos 10 | 2024-11-21 | 9.8 Critical |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-35944 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 8.2 High |
| Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue. | ||||
| CVE-2023-35941 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 8.6 High |
| Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. | ||||
| CVE-2023-35803 | 1 Extremenetworks | 29 Ap1130, Ap122, Ap130 and 26 more | 2024-11-21 | 9.8 Critical |
| IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. | ||||
| CVE-2023-35802 | 1 Extremenetworks | 29 Ap1130, Ap122, Ap130 and 26 more | 2024-11-21 | 9.8 Critical |
| IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit. | ||||
| CVE-2023-35694 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35691 | 1 Google | 1 Android | 2024-11-21 | 7.2 High |
| there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35689 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||