Total
3348 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38698 | 1 Ens.domains | 1 Ethereum Name Service | 2024-11-21 | 4.9 Medium |
| Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action. | ||||
| CVE-2023-36327 | 1 Relic Project | 1 Relic | 2024-11-21 | 9.8 Critical |
| Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. | ||||
| CVE-2023-36326 | 1 Relic Project | 1 Relic | 2024-11-21 | 9.8 Critical |
| Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. | ||||
| CVE-2023-35681 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35673 | 1 Google | 1 Android | 2024-11-21 | 8.8 High |
| In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-33976 | 1 Google | 1 Tensorflow | 2024-11-21 | 7.5 High |
| TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12. | ||||
| CVE-2023-33038 | 1 Qualcomm | 288 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 285 more | 2024-11-21 | 6.7 Medium |
| Memory corruption while receiving a message in Bus Socket Transport Server. | ||||
| CVE-2023-32829 | 3 Google, Linuxfoundation, Mediatek | 17 Android, Yocto, Iot Yocto and 14 more | 2024-11-21 | 6.7 Medium |
| In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478. | ||||
| CVE-2023-32828 | 2 Google, Mediatek | 17 Android, Iot Yocto, Mt6771 and 14 more | 2024-11-21 | 6.7 Medium |
| In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817. | ||||
| CVE-2023-32823 | 2 Google, Mediatek | 31 Android, Mt6580, Mt6739 and 28 more | 2024-11-21 | 6.7 Medium |
| In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912966. | ||||
| CVE-2023-2914 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-11-21 | 7.5 High |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software. | ||||
| CVE-2023-28537 | 1 Qualcomm | 366 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 363 more | 2024-11-21 | 8.4 High |
| Memory corruption while allocating memory in COmxApeDec module in Audio. | ||||
| CVE-2023-25516 | 1 Nvidia | 1 Gpu Display Driver | 2024-11-21 | 7.1 High |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service. | ||||
| CVE-2023-24609 | 2 Matrixssl, Rambus | 2 Matrixssl, Tls Toolkit | 2024-11-21 | 7.5 High |
| Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. | ||||
| CVE-2023-22666 | 1 Qualcomm | 344 Apq8009, Apq8009 Firmware, Apq8017 and 341 more | 2024-11-21 | 8.4 High |
| Memory Corruption in Audio while playing amrwbplus clips with modified content. | ||||
| CVE-2023-22305 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | 6.5 Medium |
| Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-21655 | 1 Qualcomm | 62 Qca6391, Qca6391 Firmware, Qca6574au and 59 more | 2024-11-21 | 6.7 Medium |
| Memory corruption in Audio while validating and mapping metadata. | ||||
| CVE-2023-21644 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Qca6390 and 99 more | 2024-11-21 | 6.7 Medium |
| Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request. | ||||
| CVE-2023-21630 | 1 Qualcomm | 84 Qca6391, Qca6391 Firmware, Qca6574 and 81 more | 2024-11-21 | 8.4 High |
| Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal. | ||||
| CVE-2023-21375 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||