Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27835 | 1 Google | 1 Android | 2023-06-28 | 9.3 HIGH | 7.8 HIGH |
| Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. | |||||
| CVE-2023-32538 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2023-06-27 | N/A | 7.8 HIGH |
| Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201. | |||||
| CVE-2022-25959 | 1 Omron | 1 Cx-position | 2023-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-39392 | 1 Bytecodealliance | 1 Wasmtime | 2023-06-27 | N/A | 7.4 HIGH |
| Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime's default settings require virtual memory page faults to indicate that wasm reads/writes are out-of-bounds, but the pooling allocator's configuration would not create an appropriate virtual memory mapping for this meaning out of bounds reads/writes can successfully read/write memory unrelated to the wasm sandbox within range of the base address of the memory mapping created by the pooling allocator. This bug is not applicable with the default settings of the `wasmtime` crate. This bug can only be triggered by setting `InstanceLimits::memory_pages` to zero. This is expected to be a very rare configuration since this means that wasm modules cannot allocate any pages of linear memory. All wasm modules produced by all current toolchains are highly likely to use linear memory, so it's expected to be unlikely that this configuration is set to zero by any production embedding of Wasmtime. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by increasing the `memory_pages` allotment when configuring the pooling allocator to a value greater than zero. If an embedding wishes to still prevent memory from actually being used then the `Store::limiter` method can be used to dynamically disallow growth of memory beyond 0 bytes large. Note that the default `memory_pages` value is greater than zero. | |||||
| CVE-2022-1052 | 1 Radare | 1 Radare2 | 2023-06-27 | 2.1 LOW | 5.5 MEDIUM |
| Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6. | |||||
| CVE-2023-34623 | 1 Jtidy Project | 1 Jtidy | 2023-06-27 | N/A | 7.5 HIGH |
| An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34620 | 1 Hjson Project | 1 Hjson | 2023-06-27 | N/A | 7.5 HIGH |
| An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2023-34616 | 1 Pbjson Project | 1 Pbjson | 2023-06-27 | N/A | 7.5 HIGH |
| An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2021-37404 | 1 Apache | 1 Hadoop | 2023-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | |||||
| CVE-2023-34614 | 1 Jsonij Project | 1 Jsonij | 2023-06-27 | N/A | 7.5 HIGH |
| An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2022-41902 | 1 Google | 1 Tensorflow | 2023-06-27 | N/A | 9.1 CRITICAL |
| TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. | |||||
| CVE-2023-34613 | 1 Sojo Project | 1 Sojo | 2023-06-27 | N/A | 7.5 HIGH |
| An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | |||||
| CVE-2022-42377 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-06-27 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18630. | |||||
| CVE-2023-36273 | 1 Gnu | 1 Libredwg | 2023-06-27 | N/A | 8.8 HIGH |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | |||||
| CVE-2023-36274 | 1 Gnu | 1 Libredwg | 2023-06-27 | N/A | 8.8 HIGH |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. | |||||
| CVE-2023-36271 | 1 Gnu | 1 Libredwg | 2023-06-27 | N/A | 8.8 HIGH |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. | |||||
| CVE-2023-36272 | 1 Gnu | 1 Libredwg | 2023-06-27 | N/A | 8.8 HIGH |
| LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. | |||||
| CVE-2023-29531 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2023-06-27 | N/A | 9.8 CRITICAL |
| An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | |||||
| CVE-2022-48330 | 1 Huawei | 2 Flmg-10, Flmg-10 Firmware | 2023-06-26 | N/A | 8.0 HIGH |
| A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include:FLMG-10 versions FLMG-10 10.0.1.0(H100SP22C00). | |||||
| CVE-2021-26567 | 2 Faad2 Project, Synology | 8 Faad2, Diskstation Manager, Diskstation Manager Unified Controller and 5 more | 2023-06-26 | 6.5 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. | |||||