Total
7966 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25860 | 2023-03-22 | N/A | 7.8 HIGH | ||
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-25861 | 2023-03-22 | N/A | 7.8 HIGH | ||
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-25281 | 1 Dlink | 2 Dir820la1, Dir820la1 Firmware | 2023-03-21 | N/A | 7.5 HIGH |
A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp. | |||||
CVE-2023-27239 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2023-03-21 | N/A | 9.8 CRITICAL |
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. | |||||
CVE-2023-27590 | 1 Rizin | 1 Rizin | 2023-03-21 | N/A | 7.8 HIGH |
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands. | |||||
CVE-2019-0810 | 1 Microsoft | 10 Chakracore, Edge, Windows 10 and 7 more | 2023-03-20 | 7.6 HIGH | 7.5 HIGH |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | |||||
CVE-2023-25282 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2023-03-17 | N/A | 6.5 MEDIUM |
A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp. | |||||
CVE-2023-27103 | 1 Struktur | 1 Libde265 | 2023-03-17 | N/A | 8.8 HIGH |
Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. | |||||
CVE-2023-27781 | 1 Jpegoptim Project | 1 Jpegoptim | 2023-03-17 | N/A | 7.8 HIGH |
jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c. | |||||
CVE-2023-26074 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2023-03-17 | N/A | 9.8 CRITICAL |
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123.. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding operator-defined access category definitions. | |||||
CVE-2023-26073 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2023-03-17 | N/A | 9.8 CRITICAL |
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the extended emergency number list. | |||||
CVE-2023-26072 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2023-03-17 | N/A | 9.8 CRITICAL |
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Emergency number list. | |||||
CVE-2022-43605 | 2023-03-16 | N/A | N/A | ||
An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out of bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability. | |||||
CVE-2022-43604 | 2023-03-16 | N/A | N/A | ||
An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability. | |||||
CVE-2022-32863 | 1 Apple | 2 Macos, Safari | 2023-03-16 | N/A | 9.8 CRITICAL |
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2022-32793 | 2 Apple, Fedoraproject | 6 Ipados, Iphone Os, Macos and 3 more | 2023-03-16 | N/A | 7.5 HIGH |
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. | |||||
CVE-2021-32142 | 1 Libraw | 1 Libraw | 2023-03-16 | N/A | 7.8 HIGH |
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. | |||||
CVE-2023-27398 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20304) | |||||
CVE-2023-27399 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20299, ZDI-CAN-20346) | |||||
CVE-2023-27403 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348) |