Total
11936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21047 | 1 Google | 1 Android | 2023-03-29 | N/A | 4.4 MEDIUM |
| In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-256166866References: N/A | |||||
| CVE-2023-21044 | 1 Google | 1 Android | 2023-03-29 | N/A | 4.4 MEDIUM |
| In init of VendorGraphicBufferMeta, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253425086References: N/A | |||||
| CVE-2021-3674 | 1 Rizin | 1 Rizin | 2023-03-29 | N/A | 7.8 HIGH |
| A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function. | |||||
| CVE-2021-43313 | 1 Upx Project | 1 Upx | 2023-03-28 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688. | |||||
| CVE-2021-43312 | 1 Upx Project | 1 Upx | 2023-03-28 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. | |||||
| CVE-2021-43311 | 1 Upx Project | 1 Upx | 2023-03-28 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. | |||||
| CVE-2021-43317 | 1 Upx Project | 1 Upx | 2023-03-28 | N/A | 7.5 HIGH |
| A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404 | |||||
| CVE-2021-43315 | 1 Upx Project | 1 Upx | 2023-03-28 | N/A | 7.5 HIGH |
| A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349 | |||||
| CVE-2021-43314 | 1 Upx Project | 1 Upx | 2023-03-28 | N/A | 7.5 HIGH |
| A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368 | |||||
| CVE-2021-43316 | 1 Upx Project | 1 Upx | 2023-03-28 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64(). | |||||
| CVE-2023-22882 | 1 Zoom | 1 Zoom | 2023-03-28 | N/A | 7.5 HIGH |
| Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | |||||
| CVE-2023-22881 | 1 Zoom | 1 Zoom | 2023-03-28 | N/A | 7.5 HIGH |
| Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | |||||
| CVE-2019-1772 | 1 Cisco | 4 Webex Business Suite, Webex Business Suite Lockdown, Webex Meetings Online and 1 more | 2023-03-24 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | |||||
| CVE-2019-1771 | 1 Cisco | 4 Webex Business Suite, Webex Business Suite Lockdown, Webex Meetings Online and 1 more | 2023-03-24 | 6.9 MEDIUM | 7.8 HIGH |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | |||||
| CVE-2022-41342 | 1 Intel | 1 C\+\+ Compiler | 2023-03-17 | N/A | 7.8 HIGH |
| Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-47453 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-16 | N/A | 5.5 MEDIUM |
| In wcn service, there is a possible missing params check. This could lead to local denial of service in wcn service. | |||||
| CVE-2023-24564 | 1 Siemens | 1 Solid Edge Se2023 | 2023-03-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069) | |||||
| CVE-2019-8720 | 3 Redhat, Webkitgtk, Wpewebkit | 24 Codeready Linux Builder, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 21 more | 2023-03-11 | N/A | 8.8 HIGH |
| A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. | |||||
| CVE-2019-1926 | 1 Cisco | 3 Webex Business Suite, Webex Meetings Online, Webex Meetings Server | 2023-03-08 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2019-1927 | 1 Cisco | 3 Webex Business Suite, Webex Meetings Online, Webex Meetings Server | 2023-03-08 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||