21 matches found
BELL-CVE-2026-23377
Bulletin has no description...
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_frags_increase_tail. It clearly expects whole buff size instead of DMA write size. Different assumptions in...
Linux Distros Unpatched Vulnerability : CVE-2026-23377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_frags_increase_tail. It clearly expects...
CVE-2024-23377
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver...
CVE-2025-23377
Dell PowerProtect Data Manager Reporting, versions 19.17, 19.18 contains an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs...
CVE-2025-23377
Dell PowerProtect Data Manager Reporting, versions 19.17, 19.18 contains an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs...
CVE-2025-23377
CVE-2025-23377 affects Dell PowerProtect Data Manager Reporting (versions 19.17–19.18). The issue is improper encoding/escaping of output in reporting outputs, enabling a high-privileged local attacker to inject arbitrary web script or HTML into reports. The connected PT-Security advisory notes t...
CVE-2025-23377
Dell PowerProtect Data Manager Reporting, versions 19.17, 19.18 contains an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs...
CVE-2024-23377
creationtimestamp | type | source
---|---|---
2024-11-04 11:55:39+00:00 | seen | https://t.me/cvedetector/9718...
CVE-2024-23377 Use of Out-of-range Pointer Offset in ComputerVision
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver...
CVE-2023-23377
creationtimestamp | type | source
---|---|---
2023-02-14 22:42:10+00:00 | seen | https://t.me/cibsecurity/58176...
CVE-2023-23377
3D Builder Remote Code Execution Vulnerability...
CVE-2023-23377
CVE-2023-23377 corresponds to vulnerabilities in Microsoft 3D Builder. The connected sources identify a remote code execution issue affecting the 3D Builder app, described as a buffer-overflow style flaw during WRL file parsing, enabling arbitrary code execution. The evidence points to multiple a...
CVE-2023-23377 3D Builder Remote Code Execution Vulnerability
...
CVE-2023-23377 3D Builder Remote Code Execution Vulnerability
...
CVE-2022-23377
creationtimestamp | type | source
---|---|---
2022-03-01 16:23:25+00:00 | seen | https://t.me/cibsecurity/38258...
CVE-2022-23377
Archeevo below 5.0 is affected by local file inclusion through file=/web.config to allow an attacker to retrieve local files...
CVE-2022-23377
CVE-2022-23377 affects Archeevo below 5.0. The vulnerability is a local file inclusion (LFI) via the parameter file=~/web.config, enabling an attacker to retrieve local files. Root cause: insecure handling of file path leading to LFI. Impact stated in sources includes potential disclosure of loca...
CVE-2021-23377
This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23377 Arbitrary Command Injection
This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...