Total
1016 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26394 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2023-04-19 | N/A | 7.8 HIGH |
| Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-22660 | 1 Justsystems | 1 Ichitaro 2022 | 2023-04-19 | N/A | 7.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document. | |||||
| CVE-2022-45115 | 1 Justsystems | 1 Ichitaro 2022 | 2023-04-19 | N/A | 7.8 HIGH |
| A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-43648 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2023-04-08 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 1.20B03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MiniDLNA service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the MiniDLNA service. Was ZDI-CAN-19910. | |||||
| CVE-2022-24672 | 1 Canon | 152 1435i\+, 1435i\+ Firmware, 1435if and 149 more | 2023-04-03 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802. | |||||
| CVE-2023-1655 | 1 Gpac | 1 Gpac | 2023-04-03 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. | |||||
| CVE-2023-25874 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25872 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25868 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25864 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25890 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25898 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25897 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25895 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25882 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25883 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25885 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-04-03 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-25668 | 1 Google | 1 Tensorflow | 2023-03-31 | N/A | 9.8 CRITICAL |
| TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1. | |||||
| CVE-2023-24551 | 1 Siemens | 1 Solid Edge Se2023 | 2023-03-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2023-24550 | 1 Siemens | 1 Solid Edge Se2023 | 2023-03-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||