タイプ別 CVE リスト:Overflow(公開年で絞り込み)

Overflow に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。

直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。

2023 年に公開され、Overflow に分類される CVE を表示しています。 CVE の一覧へ

CVSS スコア
表示中 120 / 2788
«« 先頭 « 前へ 1 / 140 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-7187 A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond i 5.5 0.71% 2023-12-31 2026-06-17
CVE-2023-52267 ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. 7.5 0.74% 2023-12-30 2026-06-17
CVE-2023-7104 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. 5.5 1.25% 2023-12-29 2026-06-17
CVE-2023-7158 A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. 7.3 1.23% 2023-12-29 2026-06-17
CVE-2023-51434 Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. 9.3 0.20% 2023-12-28 2026-06-17
CVE-2023-51432 Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. 3.2 0.17% 2023-12-28 2026-06-17
CVE-2023-23441 Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. 6.0 0.17% 2023-12-28 2026-06-17
CVE-2023-52152 mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. 7.5 0.60% 2023-12-28 2026-06-17
CVE-2023-47091 An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible. 7.5 0.53% 2023-12-25 2026-06-17
CVE-2023-51771 In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI. 9.8 0.70% 2023-12-25 2026-06-17
CVE-2023-7095 A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. 9.8 13.70% 2023-12-24 2026-06-17
CVE-2023-51714 An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. 9.8 0.99% 2023-12-24 2026-06-17
CVE-2023-48704 ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickH 7.0 0.47% 2023-12-22 2026-06-17
CVE-2023-24609 Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. 7.5 0.73% 2023-12-21 2026-06-17
CVE-2023-51713 make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. 7.5 4.25% 2023-12-21 2026-06-17
CVE-2023-48298 ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited. 5.9 0.63% 2023-12-21 2026-06-17
CVE-2023-50986 Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. 9.8 0.76% 2023-12-20 2026-07-08
CVE-2023-47118 ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be trigger 7.0 0.46% 2023-12-20 2026-06-17
CVE-2023-50628 Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component. 9.8 1.24% 2023-12-20 2026-06-17
CVE-2023-50044 Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. 9.8 0.86% 2023-12-20 2026-06-17
«« 先頭 « 前へ 1 / 140 次へ »
cvelogic Threat Intelligence