Export limit exceeded: 364158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (46053 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2232 1 Gitlab 1 Gitlab 2024-11-27 6.5 Medium
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix
CVE-2023-21226 1 Google 1 Android 2024-11-27 7.5 High
In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240728187References: N/A
CVE-2023-30259 1 Librecad 1 Librecad 2024-11-27 5.5 Medium
A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.
CVE-2023-42800 1 Moonlight-stream 7 Moonlight, Moonlight-common-c, Moonlight Embedded and 4 more 2024-11-27 8.8 High
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit 50c0a51b10ecc5b3415ea78c21d96d679e2288f9 due to unmitigated usage of unsafe C functions and improper bounds checking. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a moonlight client, or achieve remote code execution (RCE) on the client (with insufficient exploit mitigations or if mitigations can be bypassed). The bug was addressed in commit 24750d4b748fefa03d09fcfd6d45056faca354e0.
CVE-2023-48298 1 Clickhouse 2 Clickhouse, Clickhouse Cloud 2024-11-27 5.9 Medium
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.
CVE-2023-48308 1 Nextcloud 1 Calendar 2024-11-27 3.5 Low
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3
CVE-2023-26616 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-11-27 9.8 Critical
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.
CVE-2023-22796 2 Activesupport Project, Redhat 3 Activesupport, Logging, Satellite 2024-11-27 7.5 High
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
CVE-2023-34658 1 Telegram 1 Telegram 2024-11-27 5.3 Medium
Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.
CVE-2023-36475 1 Parseplatform 1 Parse-server 2024-11-27 9.8 Critical
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.
CVE-2023-38403 7 Apple, Debian, Es and 4 more 12 Macos, Debian Linux, Iperf3 and 9 more 2024-11-27 7.5 High
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
CVE-2022-46408 1 Ericsson 1 Network Manager 2024-11-27 6.8 Medium
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability.
CVE-2023-26085 1 Arm 1 Nn Android Neural Networks Driver 2024-11-27 7.8 High
A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.
CVE-2023-26612 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-11-27 9.8 Critical
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.
CVE-2020-19186 2 Gnu, Netapp 2 Ncurses, Active Iq Unified Manager 2024-11-27 6.5 Medium
Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVE-2024-9753 1 Tungstenautomation 1 Power Pdf 2024-11-26 3.3 Low
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24470.
CVE-2024-9752 1 Tungstenautomation 1 Power Pdf 2024-11-26 3.3 Low
Tungsten Automation Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24469.
CVE-2024-9751 1 Tungstenautomation 1 Power Pdf 2024-11-26 7.8 High
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24468.
CVE-2024-9759 1 Tungstenautomation 1 Power Pdf 2024-11-26 3.3 Low
Tungsten Automation Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24475.
CVE-2024-9767 1 Irfanview 1 Irfanview 2024-11-26 7.8 High
IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23277.