Export limit exceeded: 364234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 46063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (46063 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-20823 2 Google, Mediatek 21 Android, Mt6768, Mt6781 and 18 more 2024-11-21 4.4 Medium
In cmdq, there is a possible out of bounds read due to an incorrect status check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08021592; Issue ID: ALPS08021592.
CVE-2023-20818 2 Google, Mediatek 25 Android, Mt6580, Mt6739 and 22 more 2024-11-21 4.4 Medium
In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540.
CVE-2023-20813 2 Google, Mediatek 25 Android, Mt6580, Mt6739 and 22 more 2024-11-21 4.4 Medium
In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453549; Issue ID: ALPS07453549.
CVE-2023-20798 2 Google, Mediatek 12 Android, Mt2713, Mt6855 and 9 more 2024-11-21 4.4 Medium
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.
CVE-2023-20724 2 Google, Mediatek 4 Android, Mt8167, Mt8175 and 1 more 2024-11-21 6.7 Medium
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843841.
CVE-2023-20723 2 Google, Mediatek 4 Android, Mt8167, Mt8175 and 1 more 2024-11-21 6.7 Medium
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843845.
CVE-2023-20677 5 Google, Linux, Linuxfoundation and 2 more 39 Android, Linux Kernel, Yocto and 36 more 2024-11-21 4.4 Medium
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436.
CVE-2023-20251 1 Cisco 2 Aireos, Mobility Express Software 2024-11-21 6.1 Medium
A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition.
CVE-2023-20189 1 Cisco 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more 2024-11-21 8.6 High
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20168 1 Cisco 84 Mds 9000, Mds 9100, Mds 9132t and 81 more 2024-11-21 7.1 High
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.
CVE-2023-20162 1 Cisco 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more 2024-11-21 8.6 High
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20161 1 Cisco 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more 2024-11-21 8.6 High
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20160 1 Cisco 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more 2024-11-21 8.6 High
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20159 1 Cisco 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more 2024-11-21 8.6 High
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20158 1 Cisco 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more 2024-11-21 8.6 High
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20157 1 Cisco 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more 2024-11-21 8.6 High
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20156 1 Cisco 467 250 Series Smart Switches Firmware, 350 Series Managed Switches Firmware, 350x Series Stackable Managed Switches Firmware and 464 more 2024-11-21 8.6 High
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20128 1 Cisco 4 Rv320, Rv320 Firmware, Rv325 and 1 more 2024-11-21 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.
CVE-2023-20117 1 Cisco 4 Rv320, Rv320 Firmware, Rv325 and 1 more 2024-11-21 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.
CVE-2023-20112 1 Cisco 62 Business 150ax, Business 150ax Firmware, Business 151axm and 59 more 2024-11-21 7.4 High
A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition.