CVE-2023-34401

LOW Year: 2023
CVSS v3 Score
3.7
Low
Weakness Type
CWE-125
View all →

Vulnerability Description

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory.

Related Vulnerabilities

CVE-2017-15353

LOW
CVSS:3.7(Low)

Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C...

CWE-1252017

CVE-2023-21012

LOW
CVSS:3.7(Low)

In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. U...

CWE-1252023

CVE-2023-42114

LOW
CVSS:3.7(Low)

Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authenticat...

CWE-1252023

CVE-2020-11947

LOW
CVSS:3.8(Low)

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

CWE-1252020

CVE-2020-17390

LOW
CVSS:3.8(Low)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code o...

CWE-1252020

CVE-2020-3970

LOW
CVSS:3.8(Low)

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out...

CWE-1252020