Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-120
Total 1596 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1560 2023-03-22 N/A N/A
A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223553 was assigned to this vulnerability.
CVE-2023-26769 1 Liblouis 1 Liblouis 2023-03-21 N/A 7.5 HIGH
Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.
CVE-2023-26768 1 Liblouis 1 Liblouis 2023-03-21 N/A 7.5 HIGH
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions.
CVE-2023-26767 1 Liblouis 1 Liblouis 2023-03-21 N/A 7.5 HIGH
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint.
CVE-2022-24793 2 Debian, Pjsip 2 Debian Linux, Pjsip 2023-03-20 4.3 MEDIUM 7.5 HIGH
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.
CVE-2023-27585 2023-03-20 N/A N/A
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.
CVE-2023-26076 1 Samsung 10 Exynos 1280, Exynos 1280 Firmware, Exynos 2200 and 7 more 2023-03-20 N/A 9.8 CRITICAL
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options.
CVE-2023-28116 2023-03-19 N/A N/A
Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger then the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually.
CVE-2020-27507 1 Kamailio 1 Kamailio 2023-03-18 N/A 9.8 CRITICAL
The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.
CVE-2023-26075 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2023-03-17 N/A 9.8 CRITICAL
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.
CVE-2023-1452 2023-03-17 N/A N/A
A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability.
CVE-2022-40540 1 Qualcomm 32 Sd888 5g, Sd888 5g Firmware, Sd 8 Gen1 5g and 29 more 2023-03-16 N/A 7.8 HIGH
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.
CVE-2023-27061 1 Tenda 2 W15e, W15e Firmware 2023-03-16 N/A 9.8 CRITICAL
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27065 1 Tenda 2 W15e, W15e Firmware 2023-03-16 N/A 7.5 HIGH
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27064 1 Tenda 2 W15e, W15e Firmware 2023-03-16 N/A 7.5 HIGH
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27063 1 Tenda 2 W15e, W15e Firmware 2023-03-16 N/A 9.8 CRITICAL
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27062 1 Tenda 2 W15e, W15e Firmware 2023-03-16 N/A 7.5 HIGH
Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27852 1 Netgear 2 Rax30, Rax30 Firmware 2023-03-16 N/A 9.8 CRITICAL
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.
CVE-2023-27853 1 Netgear 2 Rax30, Rax30 Firmware 2023-03-16 N/A 9.8 CRITICAL
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.
CVE-2022-33278 1 Qualcomm 246 Aqt1000, Aqt1000 Firmware, Ar8035 and 243 more 2023-03-15 N/A 7.8 HIGH
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.