Total
12781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43816 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.3 Medium |
| A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution. | ||||
| CVE-2023-43815 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 7.1 High |
| A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution. | ||||
| CVE-2023-43554 | 1 Qualcomm | 84 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 81 more | 2024-11-21 | 8.4 High |
| Memory corruption while processing IOCTL handler in FastRPC. | ||||
| CVE-2023-43534 | 1 Qualcomm | 132 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 129 more | 2024-11-21 | 8.6 High |
| Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. | ||||
| CVE-2023-43361 | 2 Redhat, Xiph | 2 Enterprise Linux, Vorbis-tools | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | ||||
| CVE-2023-42506 | 1 Jtekt | 1 Onsinview2 | 2024-11-21 | 7.8 High |
| Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file. | ||||
| CVE-2023-42116 | 1 Exim | 1 Exim | 2024-11-21 | 8.1 High |
| Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17515. | ||||
| CVE-2023-42078 | 2024-11-21 | N/A | ||
| PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21850. | ||||
| CVE-2023-42047 | 2024-11-21 | N/A | ||
| PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20908. | ||||
| CVE-2023-42043 | 2024-11-21 | N/A | ||
| PDF-XChange Editor PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20887. | ||||
| CVE-2023-42037 | 1 Kofax | 1 Power Pdf | 2024-11-21 | N/A |
| Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21583. | ||||
| CVE-2023-42036 | 1 Kofax | 1 Power Pdf | 2024-11-21 | N/A |
| Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21582. | ||||
| CVE-2023-41846 | 1 Siemens | 1 Tecnomatix | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-41139 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2024-11-21 | 7.8 High |
| A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | ||||
| CVE-2023-41104 | 2 Libvmod Digest, Varnish-software | 3 Libvmod Digest, Varnish Enterprise, Vmod Digest | 2024-11-21 | 6.5 Medium |
| libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. | ||||
| CVE-2023-40857 | 1 Virustotal | 1 Yara | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component. | ||||
| CVE-2023-40052 | 1 Progress | 2 Openedge, Openedge Innovation | 2024-11-21 | 7.5 High |
| This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests. | ||||
| CVE-2023-3953 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2024-11-21 | 5.3 Medium |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. | ||||
| CVE-2023-3889 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2024-11-21 | 7.8 High |
| A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory. | ||||
| CVE-2023-3471 | 1 Panasonic | 1 Kw Watcher | 2024-11-21 | 8.6 High |
| Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. | ||||