Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6070 | 2 F2fs-tools Project, Fedoraproject | 2 F2fs-tools, Fedora | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-14385 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-11-07 | 4.7 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2019-5435 | 1 Haxx | 1 Curl | 2023-11-07 | 4.3 MEDIUM | 3.7 LOW |
| An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | |||||
| CVE-2019-3560 | 1 Facebook | 1 Fizz | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00. | |||||
| CVE-2019-15161 | 1 Tcpdump | 1 Libpcap | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request. | |||||
| CVE-2017-14934 | 1 Gnu | 1 Binutils | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | |||||
| CVE-2023-36824 | 2 Fedoraproject, Redis | 2 Fedora, Redis | 2023-08-14 | N/A | 8.8 HIGH |
| Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12. | |||||
| CVE-2023-20798 | 2 Google, Mediatek | 12 Android, Mt2713, Mt6855 and 9 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076. | |||||
| CVE-2022-32630 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966. | |||||
| CVE-2022-32624 | 2 Google, Mediatek | 8 Android, Mt6789, Mt6855 and 5 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923. | |||||
| CVE-2021-21773 | 1 Accusoft | 1 Imagegear | 2023-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21782 | 1 Accusoft | 1 Imagegear | 2023-06-26 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21793 | 1 Accusoft | 1 Imagegear | 2023-06-26 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-30575 | 1 Apache | 1 Guacamole | 2023-06-15 | N/A | 7.5 HIGH |
| Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data. | |||||
| CVE-2023-2687 | 1 Silabs | 1 Gecko Software Development Kit | 2023-06-09 | N/A | 3.3 LOW |
| Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | |||||
| CVE-2023-0568 | 1 Php | 1 Php | 2023-05-17 | N/A | 8.1 HIGH |
| In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. | |||||
| CVE-2023-24819 | 1 Riot-os | 1 Riot | 2023-05-03 | N/A | 9.8 CRITICAL |
| RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | |||||
| CVE-2021-35134 | 1 Qualcomm | 59 Qca6391, Qca6391 Firmware, Qcm6490 and 56 more | 2023-04-19 | N/A | 8.4 HIGH |
| Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2019-19282 | 1 Siemens | 6 Openpcs 7, Simatic Batch, Simatic Net Pc and 3 more | 2023-04-11 | 7.1 HIGH | 7.5 HIGH |
| A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction. | |||||
| CVE-2023-20627 | 2 Google, Mediatek | 6 Android, Mt6879, Mt6895 and 3 more | 2023-03-13 | N/A | 6.7 MEDIUM |
| In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585. | |||||