Export limit exceeded: 43892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24609 | 2 Matrixssl, Rambus | 2 Matrixssl, Tls Toolkit | 2024-11-21 | 7.5 High |
| Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. | ||||
| CVE-2023-24590 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2024-11-21 | 7.5 High |
| A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | ||||
| CVE-2023-24585 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 7.7 High |
| An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-24555 | 1 Siemens | 2 Solid Edge Se2022, Solid Edge Se2023 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-24552 | 1 Siemens | 2 Solid Edge Se2022, Solid Edge Se2023 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to to execute code in the context of the current process. | ||||
| CVE-2023-24548 | 1 Arista | 44 7280cr3-32d4, 7280cr3-32p4, 7280cr3-36s and 41 more | 2024-11-21 | 5.3 Medium |
| On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place. | ||||
| CVE-2023-24474 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-11-21 | 7.5 High |
| Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message | ||||
| CVE-2023-24473 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-24294 | 1 Zumtobel | 2 Netlink Ccd, Netlink Ccd Firmware | 2024-11-21 | 7.5 High |
| Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification. | ||||
| CVE-2023-24018 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 8.8 High |
| A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2023-24015 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | 4.3 Medium |
| A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading. | ||||
| CVE-2023-23903 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | 4.9 Medium |
| An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention. | ||||
| CVE-2023-23902 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 9.8 Critical |
| A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||||
| CVE-2023-23783 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.5 Medium |
| A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. | ||||
| CVE-2023-23782 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.1 High |
| A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands. | ||||
| CVE-2023-23781 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.1 Medium |
| A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. | ||||
| CVE-2023-23780 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.6 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests. | ||||
| CVE-2023-23581 | 1 Softether | 1 Vpn | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. | ||||
| CVE-2023-23571 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.5 High |
| An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability. | ||||