How severe is CVE-2023-48694?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-48694?

This is classified as CWE-825, which is a common weakness in software security.

CVE-2023-48694

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-825

View all →

Vulnerability Description

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2024-23310

CRITICAL

CVSS:9.8(Critical)

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary co...

CWE-8252024

CVE-2024-23310

CRITICAL

CVSS:9.8(Critical)

CWE-8252024

CVE-2023-20212

HIGH

CVSS:7.5(High)

A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic ...

CWE-8252023

CVE-2024-39792

HIGH

CVSS:7.5(High)

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

CWE-8252024

CVE-2019-15691

HIGH

CVSS:7.2(High)

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder ...

CWE-8252019

CVE-2024-45105

MEDIUM

CVSS:6.7(Medium)

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execut...

CWE-8252024

CVE-2023-48694

Vulnerability Description

Related Vulnerabilities

CVE-2024-23310

CVE-2024-23310

CVE-2023-20212

CVE-2024-39792

CVE-2019-15691

CVE-2024-45105