Total: 10481 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-49121 | 1 Siemens | 1 Solid Edge Se2023 | 2024-01-10 | N/A | 7.8 HIGH |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2023-49129 | 1 Siemens | 1 Solid Edge Se2023 | 2024-01-10 | N/A | 7.8 HIGH |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2023-49128 | 1 Siemens | 1 Solid Edge Se2023 | 2024-01-10 | N/A | 7.8 HIGH |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2020-13880 | 1 Irfanview | 1 B3d | 2024-01-10 | N/A | 9.8 CRITICAL |
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. | |||||
CVE-2020-13879 | 1 Irfanview | 1 B3d | 2024-01-10 | N/A | 9.8 CRITICAL |
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. | |||||
CVE-2020-13878 | 1 Irfanview | 1 B3d | 2024-01-10 | N/A | 9.8 CRITICAL |
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | |||||
CVE-2023-46136 | 1 Palletsprojects | 1 Werkzeug | 2024-01-10 | N/A | 7.5 HIGH |
Werkzeug is a comprehensive WSGI web application library. If an uploaded file starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk into an internal bytearray, and the lookup for the boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1. | |||||
CVE-2021-40367 | 1 Siemens-healthineers | 1 Syngo Fastview | 2024-01-10 | N/A | 7.8 HIGH |
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097) | |||||
CVE-2021-42028 | 1 Siemens-healthineers | 1 Syngo Fastview | 2024-01-10 | N/A | 7.8 HIGH |
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860) | |||||
CVE-2022-2081 | 1 Hitachienergy | 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more | 2024-01-10 | N/A | 7.5 HIGH |
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function. | |||||
CVE-2023-38858 | 1 Faad2 Project | 1 Faad2 | 2024-01-10 | N/A | 6.5 MEDIUM |
Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039. | |||||
CVE-2023-38857 | 1 Faad2 Project | 1 Faad2 | 2024-01-10 | N/A | 5.5 MEDIUM |
Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. | |||||
CVE-2023-6992 | 1 Cloudflare | 1 Zlib | 2024-01-10 | N/A | 5.5 MEDIUM |
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected. | |||||
CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2024-01-09 | N/A | 9.8 CRITICAL |
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | |||||
CVE-2023-30774 | 2 Apple, Libtiff | 2 Macos, Libtiff | 2024-01-09 | N/A | 5.5 MEDIUM |
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | |||||
CVE-2021-46901 | 1 Cetic | 1 Cetic-6lbr | 2024-01-08 | N/A | 7.5 HIGH |
examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network. | |||||
CVE-2023-6213 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 8.8 HIGH |
Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120. | |||||
CVE-2023-5731 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 9.8 CRITICAL |
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119. | |||||
CVE-2023-4058 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 9.8 CRITICAL |
Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116. | |||||
CVE-2023-37212 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 8.8 HIGH |
Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. |