Explore CVEs related to Overflow vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Overflow CVEs published in 2023. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-7187 | A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond i | 5.5 | 0.05% | 2023-12-31 | 2024-11-21 |
| CVE-2023-52267 | ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. | 7.5 | 0.07% | 2023-12-31 | 2024-11-21 |
| CVE-2023-7104 | A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. | 5.5 | 0.13% | 2023-12-29 | 2025-11-03 |
| CVE-2023-7158 | A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. | 7.3 | 0.24% | 2023-12-29 | 2024-11-21 |
| CVE-2023-51434 | Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. | 9.3 | 0.05% | 2023-12-29 | 2024-11-21 |
| CVE-2023-51432 | Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. | 3.2 | 0.08% | 2023-12-29 | 2024-11-21 |
| CVE-2023-23441 | Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. | 6.0 | 0.03% | 2023-12-29 | 2024-11-21 |
| CVE-2023-52152 | mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. | 7.5 | 0.13% | 2023-12-28 | 2024-11-21 |
| CVE-2023-47091 | An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible. | 7.5 | 0.18% | 2023-12-25 | 2025-04-23 |
| CVE-2023-51771 | In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI. | 9.8 | 0.11% | 2023-12-25 | 2025-04-23 |
| CVE-2023-7095 | A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. | 9.8 | 9.33% | 2023-12-25 | 2024-11-21 |
| CVE-2023-51714 | An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. | 9.8 | 0.14% | 2023-12-24 | 2025-03-20 |
| CVE-2023-48704 | ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickH | 7.0 | 0.47% | 2023-12-22 | 2024-11-21 |
| CVE-2023-24609 | Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. | 7.5 | 0.24% | 2023-12-22 | 2024-11-21 |
| CVE-2023-51713 | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. | 7.5 | 70.30% | 2023-12-22 | 2025-11-03 |
| CVE-2023-48298 | ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited. | 5.9 | 0.47% | 2023-12-21 | 2024-11-21 |
| CVE-2023-50986 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. | 9.8 | 0.12% | 2023-12-20 | 2024-11-21 |
| CVE-2023-47118 | ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be trigger | 7.0 | 0.39% | 2023-12-20 | 2024-11-21 |
| CVE-2023-50628 | Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component. | 9.8 | 0.23% | 2023-12-20 | 2024-11-21 |
| CVE-2023-50044 | Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | 9.8 | 0.11% | 2023-12-20 | 2024-11-21 |