| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
|
| A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. |
| Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. |
| TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error that causes a buffer overflow when trying to add '\0' to the end of long msg data. It can be exploited via crafted TCP packets. |
| Heap buffer overflow in paddle.repeat_interleaveĀ in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
|
| ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. |
| mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. |
| Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read. |
| IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical data in memory data is tampered with,a crash may occur. |
| Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL. |
| csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. |
| A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. |
| A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. |
| A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. |
|
Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution.
|
|
Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.
|
| The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. |
| A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
|
| Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Token (PAT) with `token write` scope. When creating a new token an agent needs to authorise the request with an existing token (the 'requesting token'). The requesting token is required to have token write scope in order to generate new tokens. However, Speckle server was not verifying that other privileges granted to the new token were not in excess of the privileges of the requesting token. A malicious actor could use a token with only token write scope to subsequently generate further tokens with additional privileges. These privileges would only grant privileges up to the existing privileges of the user. This vulnerability cannot be used to escalate a user's privileges or grant privileges on behalf of other users.
This has been patched as of version 2.17.6. All operators of Speckle servers should upgrade their server to version 2.17.6 or higher. Any users who authorized an application with 'token write' scope, or created a token in frontend-2 with `token write` scope should review existing tokens and permanently revoke any they do not recognize, revoke existing tokens and create new tokens, and review usage of their account for suspicious activity. No known workarounds for this issue exist. |
