Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48691 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2023-12-08 | N/A | 9.8 CRITICAL |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-3138 | 2 Redhat, X.org | 2 Enterprise Linux, Libx11 | 2023-12-08 | N/A | 7.5 HIGH |
| A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. | |||||
| CVE-2023-42566 | 1 Samsung | 1 Android | 2023-12-08 | N/A | 7.8 HIGH |
| Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code. | |||||
| CVE-2023-48316 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2023-12-08 | N/A | 9.8 CRITICAL |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48315 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2023-12-08 | N/A | 9.8 CRITICAL |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48695 | 1 Microsoft | 1 Azure Rtos Usbx | 2023-12-08 | N/A | 9.8 CRITICAL |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-40465 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-08 | N/A | 5.5 MEDIUM |
| Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. | |||||
| CVE-2023-32804 | 1 Arm | 4 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2023-12-07 | N/A | 7.8 HIGH |
| Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver.This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0. | |||||
| CVE-2023-32867 | 2 Google, Mediatek | 27 Android, Mt6761, Mt6765 and 24 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793. | |||||
| CVE-2023-32868 | 2 Google, Mediatek | 27 Android, Mt6761, Mt6765 and 24 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632. | |||||
| CVE-2023-32869 | 2 Google, Mediatek | 27 Android, Mt6761, Mt6765 and 24 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689. | |||||
| CVE-2023-2798 | 1 Htmlunit | 1 Htmlunit | 2023-12-07 | N/A | 7.5 HIGH |
| Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0. | |||||
| CVE-2023-32864 | 2 Google, Mediatek | 26 Android, Mt6761, Mt6765 and 23 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187. | |||||
| CVE-2023-32866 | 2 Google, Mediatek | 26 Android, Mt6761, Mt6765 and 23 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152. | |||||
| CVE-2023-32865 | 2 Google, Mediatek | 25 Android, Mt6761, Mt6765 and 22 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363456; Issue ID: ALPS07363456. | |||||
| CVE-2023-32848 | 2 Google, Mediatek | 11 Android, Mt6761, Mt6763 and 8 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896; Issue ID: ALPS08163896. | |||||
| CVE-2023-32847 | 2 Google, Mediatek | 47 Android, Mt2713, Mt6580 and 44 more | 2023-12-07 | N/A | 7.8 HIGH |
| In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940. | |||||
| CVE-2023-32849 | 2 Google, Mediatek | 19 Android, Mt6781, Mt6785 and 16 more | 2023-12-07 | N/A | 6.7 MEDIUM |
| In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758. | |||||
| CVE-2023-32850 | 2 Google, Mediatek | 37 Android, Mt6580, Mt6739 and 34 more | 2023-12-07 | N/A | 7.8 HIGH |
| In decoder, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016659; Issue ID: ALPS08016659. | |||||
| CVE-2023-32851 | 2 Google, Mediatek | 37 Android, Mt6580, Mt6739 and 34 more | 2023-12-07 | N/A | 7.8 HIGH |
| In decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016652; Issue ID: ALPS08016652. | |||||