Total
2290 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34336 | 1 Ami | 1 Megarac Sp-x | 2023-06-20 | N/A | 8.8 HIGH |
| AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges. | |||||
| CVE-2021-45039 | 1 Uniview | 1 Camera Firmware | 2023-06-14 | N/A | 9.8 CRITICAL |
| Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command. | |||||
| CVE-2023-31475 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2023-06-12 | N/A | 9.8 CRITICAL |
| An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. | |||||
| CVE-2023-27989 | 1 Zyxel | 8 Lte7480-m804, Lte7480-m804 Firmware, Lte7490-m904 and 5 more | 2023-06-12 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | |||||
| CVE-2023-33457 | 1 Sogou | 1 C\+\+ Workflow | 2023-06-12 | N/A | 8.8 HIGH |
| In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash. | |||||
| CVE-2023-32181 | 1 Opensuse | 1 Libeconf | 2023-06-08 | N/A | 6.5 MEDIUM |
| A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2. | |||||
| CVE-2023-24584 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2023-06-08 | N/A | 9.8 CRITICAL |
| Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior. | |||||
| CVE-2023-33010 | 1 Zyxel | 46 Atp100, Atp100 Firmware, Atp100w and 43 more | 2023-06-07 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | |||||
| CVE-2023-2597 | 1 Eclipse | 1 Openj9 | 2023-05-30 | N/A | 9.1 CRITICAL |
| In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. | |||||
| CVE-2020-27507 | 1 Kamailio | 1 Kamailio | 2023-05-30 | N/A | 9.8 CRITICAL |
| The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact. | |||||
| CVE-2023-23302 | 1 Garmin | 1 Connect-iq | 2023-05-30 | N/A | 9.8 CRITICAL |
| The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | |||||
| CVE-2023-23303 | 1 Garmin | 1 Connect-iq | 2023-05-30 | N/A | 9.8 CRITICAL |
| The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | |||||
| CVE-2023-23305 | 1 Garmin | 1 Connect-iq | 2023-05-30 | N/A | 9.8 CRITICAL |
| The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware. | |||||
| CVE-2023-23300 | 1 Garmin | 1 Connect-iq | 2023-05-30 | N/A | 9.8 CRITICAL |
| The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware. | |||||
| CVE-2023-27518 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2023-05-30 | N/A | 8.8 HIGH |
| Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code. | |||||
| CVE-2021-46886 | 1 Huawei | 1 Emui | 2023-05-29 | N/A | 7.5 HIGH |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2021-46885 | 1 Huawei | 1 Emui | 2023-05-29 | N/A | 7.5 HIGH |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2021-46884 | 1 Huawei | 1 Emui | 2023-05-29 | N/A | 7.5 HIGH |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2021-46883 | 1 Huawei | 1 Emui | 2023-05-29 | N/A | 7.5 HIGH |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2021-46882 | 1 Huawei | 1 Emui | 2023-05-29 | N/A | 7.5 HIGH |
| The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | |||||