Skip to main content
CVE-2023-38922 HIGH This Week

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Jwnr2000V2 Firmware Xwn5001 Firmware Xavn2001V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-38921 HIGH This Week

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Wg302V2 Firmware Wag302V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-3650 MEDIUM POC This Month

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bubble Menu
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-39528 HIGH PATCH This Week

PrestaShop is an open source e-commerce web application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Prestashop
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-4147 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-4012 HIGH This Week

ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntpsec
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-0426 HIGH PATCH This Week

ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Abb Ac700F Firmware Freelance 2013 +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-0425 HIGH PATCH This Week

ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Abb Information Disclosure Ac700F Firmware Freelance 2013 Freelance 2016 +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33913 HIGH This Week

In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size.This could lead to remote escalation of privilege with System execution privileges needed. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-20817 MEDIUM This Month

In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20816 MEDIUM This Month

In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20815 MEDIUM This Month

In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20814 MEDIUM This Month

In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20811 MEDIUM This Month

In IOMMU, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20809 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20808 MEDIUM This Month

In OPTEE, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20807 MEDIUM This Month

In dpe, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20806 MEDIUM This Month

In hcp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20805 MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20804 MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20797 MEDIUM This Month

In camera middleware, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20795 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20786 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20784 MEDIUM This Month

In keyinstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20783 MEDIUM This Month

In keyinstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-38924 MEDIUM This Month

Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Dgn3500 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36054 MEDIUM PATCH This Month

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Memory Corruption Denial Of Service Kerberos 5 Debian Linux Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-38157 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2023-20803 MEDIUM This Month

In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20802 MEDIUM This Month

In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20800 MEDIUM This Month

In imgsys, there is a possible system crash due to a mssing ptr check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Yocto Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20801 MEDIUM This Month

In imgsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20788 MEDIUM This Month

In thermal, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20787 MEDIUM This Month

In thermal, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20785 MEDIUM This Month

In audio, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-39527 MEDIUM PATCH This Month

PrestaShop is an open source e-commerce web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-38045 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Admiror Gallery
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38392 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Custom Field Template
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4194 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's TUN/TAP functionality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Linux Authentication Bypass Memory Corruption Linux Kernel Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-27373 MEDIUM This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33912 MEDIUM This Month

In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33911 MEDIUM This Month

In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33910 MEDIUM This Month

In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33909 MEDIUM This Month

In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33908 MEDIUM This Month

In ims service, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33907 MEDIUM This Month

In Contacts Service, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33906 MEDIUM This Month

In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-39903 MEDIUM PATCH This Month

An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure Software Infrastructure Manager
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2023-20818 MEDIUM This Month

In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20813 MEDIUM This Month

In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy