Skip to main content
CVE-2023-48315 CRITICAL Act Now

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Microsoft Azure Rtos Netx Duo
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2023-49290 MEDIUM POC PATCH This Month

lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jwx
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-33054 CRITICAL Act Now

Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Authentication Bypass 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware +164
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-5970 HIGH This Week

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-6357 HIGH This Week

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Control For Beaglebone Sl Control For Empc A Imx6 Control For Iot2000 Sl Control For Linux Arm Sl +7
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-28585 HIGH This Week

Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +271
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-49292 MEDIUM POC PATCH This Month

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Go
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-44295 HIGH This Week

Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-46674 HIGH PATCH This Week

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Elastic Deserialization Elasticsearch
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42574 HIGH This Week

Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gamehomecn
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42567 HIGH This Week

Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42566 HIGH This Week

Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42563 HIGH This Week

Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42562 HIGH This Week

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42560 HIGH This Week

Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42558 HIGH This Week

Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33107 HIGH KEV PATCH THREAT This Week

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware Apq8017 Firmware Apq8064au Firmware +233
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-33106 HIGH KEV PATCH THREAT This Week

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +144
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-33092 HIGH PATCH This Week

Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +86
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33088 HIGH This Week

Memory corruption when processing cmd parameters while parsing vdev. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware +298
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33087 HIGH PATCH This Week

Memory corruption in Core while processing RX intent request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Wcn3991 Firmware +113
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33079 HIGH PATCH This Week

Memory corruption in Audio while running invalid audio recording from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +140
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33071 HIGH PATCH This Week

Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Authentication Bypass Qca6574 Firmware Qca6574a Firmware Qca6574au Firmware +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33063 HIGH KEV PATCH THREAT This Week

Memory corruption in DSP Services during a remote call from HLOS to DSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware Apq8017 Firmware +278
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-33053 HIGH PATCH This Week

Memory corruption in Kernel while parsing metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Csr8811 Firmware Wcn6750 Firmware Wcn685X 5 Firmware Wcn685X 1 Firmware +113
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33024 HIGH This Week

Memory corruption while sending SMS from AP firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware +67
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33022 HIGH This Week

Memory corruption in HLOS while invoking IOCTL calls from user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware +207
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33018 HIGH This Week

Memory corruption while using the UIM diag command to get the operators name. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +258
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33017 HIGH This Week

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +272
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28587 HIGH This Week

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +180
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28580 HIGH PATCH This Week

Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qam8295p Firmware +40
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28579 HIGH PATCH This Week

Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qam8295p Firmware Qca6391 Firmware +30
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28551 HIGH This Week

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +238
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28550 HIGH This Week

Memory corruption in MPP performance while accessing DSM watermark using external memory address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +325
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28546 HIGH This Week

Memory Corruption in SPS Application while exporting public key in sorter TA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Apq8017 Firmware Apq8037 Firmware +270
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22668 HIGH PATCH This Week

Memory Corruption in Audio while invoking IOCTLs calls from the user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Aqt1000 Firmware Ar8035 Firmware +53
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22383 HIGH PATCH This Week

Memory Corruption in camera while installing a fd for a particular DMA buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Aqt1000 Firmware C V2x 9150 Firmware +56
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21634 HIGH This Week

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +46
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-45287 HIGH PATCH This Week

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-41835 HIGH PATCH This Week

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Struts
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2023-5188 HIGH This Week

The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Telecontrol Configurator Wagoapprtu
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-44288 HIGH This Week

Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39248 HIGH This Week

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Networking Os10
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-37572 HIGH This Week

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Opc
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-42581 HIGH This Week

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-42578 HIGH This Week

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Cloud
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-33098 HIGH This Week

Transient DOS while parsing WPA IES, when it is passed with length more than expected size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +253
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33097 HIGH This Week

Transient DOS in WLAN Firmware while processing a FTMR frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +117
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33089 HIGH This Week

Transient DOS when processing a NULL buffer while parsing WLAN vdev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware +220
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33081 HIGH This Week

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Csr8811 Firmware Wcn3991 Firmware +144
NVD
CVSS 3.1
7.5
EPSS
0.5%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy