Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43122 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2023-12-15 | N/A | 4.6 MEDIUM |
| Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader. | |||||
| CVE-2023-4016 | 2 Fedoraproject, Procps Project | 2 Fedora, Procps | 2023-12-15 | N/A | 3.3 LOW |
| Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. | |||||
| CVE-2023-47063 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-5941 | 1 Freebsd | 1 Freebsd | 2023-12-14 | N/A | 9.8 CRITICAL |
| In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program. | |||||
| CVE-2023-41268 | 1 Samsung | 1 Escargot | 2023-12-14 | N/A | 9.8 CRITICAL |
| Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0. | |||||
| CVE-2023-49418 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. | |||||
| CVE-2023-49417 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. | |||||
| CVE-2023-42903 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42902 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42901 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42906 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42905 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42904 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42909 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42908 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42907 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42912 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42910 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-42911 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-49800 | 1 Johannschopplich | 1 Nuxt Api Party | 2023-12-13 | N/A | 7.5 HIGH |
| `nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options. | |||||