Total: 7566 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-26337 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-03-31 | N/A | 7.8 HIGH |
Adobe Dimension versions 3.4.7 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-3626 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2023-03-31 | N/A | 6.5 MEDIUM |
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. | |||||
CVE-2022-3598 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Active Iq Unified Manager | 2023-03-31 | N/A | 6.5 MEDIUM |
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. | |||||
CVE-2022-3051 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2023-03-31 | N/A | 8.8 HIGH |
Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | |||||
CVE-2022-3052 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2023-03-31 | N/A | 8.8 HIGH |
Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | |||||
CVE-2023-28445 | 1 Deno | 3 Deno, Deno Runtime, Serde V8 | 2023-03-31 | N/A | 9.8 CRITICAL |
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers. | |||||
CVE-2021-31684 | 2 Json-smart Project, Oracle | 3 Json-smart-v1, Json-smart-v2, Utilities Framework | 2023-03-31 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DoS) via a crafted web request. | |||||
CVE-2023-24094 | 1 Mikrotik | 1 Routeros | 2023-03-31 | N/A | 7.5 HIGH |
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets. | |||||
CVE-2023-20081 | 1 Cisco | 304 8101-32fh, 8101-32h, 8102-64h and 301 more | 2023-03-30 | N/A | 5.9 MEDIUM |
A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position. | |||||
CVE-2023-21597 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2023-03-30 | N/A | 7.8 HIGH |
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-25671 | 1 Google | 1 Tensorflow | 2023-03-30 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | |||||
CVE-2023-21057 | 1 Google | 1 Android | 2023-03-30 | N/A | 9.8 CRITICAL |
In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-244450646. References: N/A | |||||
CVE-2023-27042 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2023-03-30 | N/A | 8.8 HIGH |
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg. | |||||
CVE-2023-1646 | 1 Iobit | 1 Malware Fighter | 2023-03-30 | N/A | 7.8 HIGH |
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability. | |||||
CVE-2022-36040 | 1 Rizin | 1 Rizin | 2023-03-30 | N/A | 7.8 HIGH |
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC (Python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch. | |||||
CVE-2022-36042 | 1 Rizin | 1 Rizin | 2023-03-30 | N/A | 7.8 HIGH |
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch. | |||||
CVE-2022-36041 | 1 Rizin | 1 Rizin | 2023-03-30 | N/A | 7.8 HIGH |
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch. | |||||
CVE-2022-36044 | 1 Rizin | 1 Rizin | 2023-03-30 | N/A | 7.8 HIGH |
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue. | |||||
CVE-2023-21069 | 1 Google | 1 Android | 2023-03-30 | N/A | 6.7 MEDIUM |
In wl_update_hidden_ap_ie of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-254029309. References: N/A | |||||
CVE-2023-21072 | 1 Google | 1 Android | 2023-03-30 | N/A | 6.7 MEDIUM |
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-257290781. References: N/A |