Vulnerabilities (CVE)

Filtered by CWE-787
Total 7566 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26337 3 Adobe, Apple, Microsoft 3 Dimension, Macos, Windows 2023-03-31 N/A 7.8 HIGH
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-3626 3 Debian, Libtiff, Netapp 3 Debian Linux, Libtiff, Active Iq Unified Manager 2023-03-31 N/A 6.5 MEDIUM
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
CVE-2022-3598 3 Debian, Libtiff, Netapp 3 Debian Linux, Libtiff, Active Iq Unified Manager 2023-03-31 N/A 6.5 MEDIUM
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
CVE-2022-3051 2 Fedoraproject, Google 4 Fedora, Chrome, Chrome Os and 1 more 2023-03-31 N/A 8.8 HIGH
Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2022-3052 2 Fedoraproject, Google 4 Fedora, Chrome, Chrome Os and 1 more 2023-03-31 N/A 8.8 HIGH
Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2023-28445 1 Deno 3 Deno, Deno Runtime, Serde V8 2023-03-31 N/A 9.8 CRITICAL
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers.
CVE-2021-31684 2 Json-smart Project, Oracle 3 Json-smart-v1, Json-smart-v2, Utilities Framework 2023-03-31 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
CVE-2023-24094 1 Mikrotik 1 Routeros 2023-03-31 N/A 7.5 HIGH
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
CVE-2023-20081 1 Cisco 304 8101-32fh, 8101-32h, 8102-64h and 301 more 2023-03-30 N/A 5.9 MEDIUM
A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position.
CVE-2023-21597 3 Adobe, Apple, Microsoft 3 Incopy, Macos, Windows 2023-03-30 N/A 7.8 HIGH
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-25671 1 Google 1 Tensorflow 2023-03-30 N/A 7.5 HIGH
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
CVE-2023-21057 1 Google 1 Android 2023-03-30 N/A 9.8 CRITICAL
In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244450646References: N/A
CVE-2023-27042 1 Tenda 2 Ax3, Ax3 Firmware 2023-03-30 N/A 8.8 HIGH
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.
CVE-2023-1646 1 Iobit 1 Malware Fighter 2023-03-30 N/A 7.8 HIGH
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability.
CVE-2022-36040 1 Rizin 1 Rizin 2023-03-30 N/A 7.8 HIGH
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch.
CVE-2022-36042 1 Rizin 1 Rizin 2023-03-30 N/A 7.8 HIGH
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch.
CVE-2022-36041 1 Rizin 1 Rizin 2023-03-30 N/A 7.8 HIGH
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch.
CVE-2022-36044 1 Rizin 1 Rizin 2023-03-30 N/A 7.8 HIGH
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.
CVE-2023-21069 1 Google 1 Android 2023-03-30 N/A 6.7 MEDIUM
In wl_update_hidden_ap_ie of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254029309References: N/A
CVE-2023-21072 1 Google 1 Android 2023-03-30 N/A 6.7 MEDIUM
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290781References: N/A