Search Results (46111 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-46713 1 Fortinet 1 Fortiweb 2024-11-21 4.9 Medium
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.
CVE-2023-46603 1 Color 1 Demoiccmax 2024-11-21 8.8 High
In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.
CVE-2023-46587 1 Xnview 1 Xnview 2024-11-21 7.8 High
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
CVE-2023-46570 1 Radare 1 Radare2 2024-11-21 9.8 Critical
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.
CVE-2023-46569 1 Radare 1 Radare2 2024-11-21 9.8 Critical
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.
CVE-2023-46564 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 8 High
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.
CVE-2023-46563 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 8 High
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS.
CVE-2023-46562 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 8 High
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg.
CVE-2023-46560 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 8 High
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.
CVE-2023-46559 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 8 High
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.
CVE-2023-46553 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl.
CVE-2023-46552 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP.
CVE-2023-46402 1 Git-urls Project 1 Git-urls 2024-11-21 7.5 High
git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go.
CVE-2023-46363 1 Jbig2enc Project 1 Jbig2enc 2024-11-21 5.5 Medium
jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.
CVE-2023-46331 1 Webassembly 1 Webassembly Binary Toolkit 2024-11-21 5.5 Medium
WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.
CVE-2023-46322 1 Iterm2 1 Iterm2 2024-11-21 9.8 Critical
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.
CVE-2023-46321 1 Iterm2 1 Iterm2 2024-11-21 9.8 Critical
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.
CVE-2023-46301 1 Iterm2 1 Iterm2 2024-11-21 9.8 Critical
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
CVE-2023-46300 1 Iterm2 1 Iterm2 2024-11-21 9.8 Critical
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
CVE-2023-46256 1 Dronecode 1 Px4 Drone Autopilot 2024-11-21 4.4 Medium
PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.