Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42443 | 1 Vyperlang | 1 Vyper | 2023-09-22 | N/A | 8.1 HIGH |
| Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode. Each builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. As of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin. | |||||
| CVE-2023-43196 | 1 Dlink | 2 Di-7200g, Di-7200g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. | |||||
| CVE-2023-43197 | 1 Dlink | 2 Di-7200g, Di-7200g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. | |||||
| CVE-2023-43198 | 1 Dlink | 2 Di-7200g, Di-7200g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function. | |||||
| CVE-2023-43199 | 1 Dlink | 2 Di-7200g, Di-7200g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. | |||||
| CVE-2023-43200 | 1 Dlink | 2 Di-7200g, Di-7200g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. | |||||
| CVE-2023-43201 | 1 Dlink | 2 Di-7200g, Di-7200g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function. | |||||
| CVE-2023-43203 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. | |||||
| CVE-2023-43242 | 1 Dlink | 2 Dir-816a2, Dir-816a2 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. | |||||
| CVE-2023-43241 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity. | |||||
| CVE-2023-43240 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. | |||||
| CVE-2023-43239 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. | |||||
| CVE-2023-43238 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. | |||||
| CVE-2023-43237 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. | |||||
| CVE-2023-43236 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. | |||||
| CVE-2023-43235 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings. | |||||
| CVE-2022-30114 | 1 Fastweb | 4 Fastgate Gpon Fga2130fwb, Fastgate Gpon Fga2130fwb Firmware, Fastgate Vdsl2 Dga4131fwb and 1 more | 2023-09-21 | N/A | 7.5 HIGH |
| A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. | |||||
| CVE-2023-40018 | 1 Freeswitch | 1 Freeswitch | 2023-09-21 | N/A | 7.5 HIGH |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue. | |||||
| CVE-2023-32560 | 1 Ivanti | 1 Avalanche | 2023-09-18 | N/A | 9.8 CRITICAL |
| An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | |||||
| CVE-2023-38485 | 1 Arubanetworks | 5 9004, 9004-lte, 9012 and 2 more | 2023-09-15 | N/A | 6.4 MEDIUM |
| Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise. | |||||