CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

857 matches found

OSV•added 2023/10/21 12:15 a.m.•0 views

DEBIAN-CVE-2023-45675

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if the len read in startdecoder is -1 and len + 1 becomes 0 when passed to setupmalloc. The setupmalloc behaves...

7.8CVSS7.8AI score0.00759EPSS

Exploits0References1

OSV•added 2023/10/21 12:15 a.m.•0 views

UBUNTU-CVE-2023-45676

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz overflows with sz+7 in and the negative...

7.8CVSS6.1AI score0.00518EPSS

Exploits0References7

Debian CVE•added 2023/10/20 11:26 p.m.•36 views

CVE-2023-45675

7.8CVSS7.8AI score0.00759EPSS

Exploits0

AlpineLinux•added 2023/10/20 11:26 p.m.•23 views

CVE-2023-45675

7.8CVSS8.3AI score0.00759EPSS

Exploits0

BDU FSTEC•added 2023/10/13 12:0 a.m.•5 views

The vulnerability of the MallocStackLogging component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS allows attackers to exploit their privileges.

The vulnerability of the MallocStackLogging component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS is related to insufficient validation of input values for the MallocStackLogging variable. Exploiting this vulnerability can allow attackers to gain increased privileges...

7.8CVSS7.2AI score0.00595EPSS

Exploits1References11Affected Software5

OSV•added 2023/10/11 4:15 p.m.•2 views

CVE-2023-35967

Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow...

9.8CVSS7.7AI score0.00773EPSS

Exploits0References2

NVD•added 2023/10/11 4:15 p.m.•39 views

CVE-2023-35967

9.8CVSS9.9AI score0.00773EPSS

Exploits0References2

OSV•added 2023/10/11 4:15 p.m.•3 views

CVE-2023-35965

Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...

9.8CVSS6.4AI score

Exploits0References2

NVD•added 2023/10/11 4:15 p.m.•24 views

CVE-2023-35965

9.8CVSS9.9AI score0.00773EPSS

Exploits0References2

Prion•added 2023/10/11 4:15 p.m.•31 views

Heap overflow

7.5CVSS9.8AI score0.00773EPSS

Exploits0References1Affected Software1

Prion•added 2023/10/11 4:15 p.m.•29 views

Heap overflow

7.5CVSS9.8AI score0.00773EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/10/11 3:14 p.m.•18 views

CVE-2023-35965

9.8CVSS9.8AI score0.00773EPSS

Exploits0References1

Cvelist•added 2023/10/11 3:14 p.m.•42 views

CVE-2023-35967

9.8CVSS10AI score0.00773EPSS

Exploits0References1

CVE•added 2023/10/11 3:14 p.m.•67 views

CVE-2023-35967

Affected product: Yifan YF325 (v1.0_20221108). CVE-2023-35967 and CVE-2023-35968 describe two heap-based buffer overflow vulnerabilities in gwcfg_cgi_set_manage_post_data, caused by integer overflows on content-length for malloc/realloc. Triggered by specially crafted network requests, potentiall...

9.8CVSS9.8AI score0.00773EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/10/11 3:14 p.m.•20 views

CVE-2023-35967

9.8CVSS7.5AI score0.00773EPSS

Exploits0References1

Microsoft CVE•added 2023/09/05 7:0 a.m.•2 views

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

...

9.8CVSS9.3AI score0.01239EPSS

Exploits1

F5 Networks•added 2023/07/13 3:54 a.m.•34 views

K000135439: libtar vulnerabilities CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646

Security Advisory Description CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read. CVE-2021-33644 An attacker who submits a crafted tar file with size in...

9.1CVSS7.3AI score0.01449EPSS

Exploits0

Veracode•added 2023/07/10 10:17 a.m.•24 views

Integer Overflow

Klibc is vulnerable to Integer Overflow. This vulnerability exists because of a segmentation fault in the malloc function, which allows an attacker to exhaust memory, causing an overflow...

9.8CVSS6.7AI score0.02147EPSS

Exploits0References7Affected Software1

Tenable Nessus•added 2023/07/04 12:0 a.m.•38 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-2286)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs...

9.1CVSS6.5AI score0.01703EPSS

Exploits2References4

Tenable Nessus•added 2023/06/08 12:0 a.m.•11 views

Amazon Linux 2023 : byacc (ALAS2023-2023-204)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-204 advisory. When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory use after free. CVE-2021-33641 When a file is...

7.8CVSS6.5AI score0.0027EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by