Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-787
Total 7966 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25860 2023-03-22 N/A 7.8 HIGH
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-25861 2023-03-22 N/A 7.8 HIGH
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-25281 1 Dlink 2 Dir820la1, Dir820la1 Firmware 2023-03-21 N/A 7.5 HIGH
A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.
CVE-2023-27239 1 Tenda 2 Ax3, Ax3 Firmware 2023-03-21 N/A 9.8 CRITICAL
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.
CVE-2023-27590 1 Rizin 1 Rizin 2023-03-21 N/A 7.8 HIGH
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.
CVE-2019-0810 1 Microsoft 10 Chakracore, Edge, Windows 10 and 7 more 2023-03-20 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.
CVE-2023-25282 1 Dlink 2 Dir-820l, Dir-820l Firmware 2023-03-17 N/A 6.5 MEDIUM
A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp.
CVE-2023-27103 1 Struktur 1 Libde265 2023-03-17 N/A 8.8 HIGH
Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.
CVE-2023-27781 1 Jpegoptim Project 1 Jpegoptim 2023-03-17 N/A 7.8 HIGH
jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c.
CVE-2023-26074 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2023-03-17 N/A 9.8 CRITICAL
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123.. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding operator-defined access category definitions.
CVE-2023-26073 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2023-03-17 N/A 9.8 CRITICAL
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the extended emergency number list.
CVE-2023-26072 1 Samsung 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more 2023-03-17 N/A 9.8 CRITICAL
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Emergency number list.
CVE-2022-43605 2023-03-16 N/A N/A
An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out of bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
CVE-2022-43604 2023-03-16 N/A N/A
An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
CVE-2022-32863 1 Apple 2 Macos, Safari 2023-03-16 N/A 9.8 CRITICAL
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-32793 2 Apple, Fedoraproject 6 Ipados, Iphone Os, Macos and 3 more 2023-03-16 N/A 7.5 HIGH
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
CVE-2021-32142 1 Libraw 1 Libraw 2023-03-16 N/A 7.8 HIGH
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
CVE-2023-27398 1 Siemens 1 Tecnomatix Plant Simulation 2023-03-16 N/A 7.8 HIGH
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20304)
CVE-2023-27399 1 Siemens 1 Tecnomatix Plant Simulation 2023-03-16 N/A 7.8 HIGH
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20299, ZDI-CAN-20346)
CVE-2023-27403 1 Siemens 1 Tecnomatix Plant Simulation 2023-03-16 N/A 7.8 HIGH
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348)