Total
2137 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20898 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2023-12-10 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
CVE-2022-20903 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2023-12-10 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
CVE-2022-39003 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | N/A | 9.1 CRITICAL |
Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components. | |||||
CVE-2022-20896 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2023-12-10 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
CVE-2022-35021 | 1 Otfcc Project | 1 Otfcc | 2023-12-10 | N/A | 6.5 MEDIUM |
OTFCC commit 617837b was discovered to contain a global buffer overflow via /release-x64/otfccdump+0x718693. | |||||
CVE-2022-40284 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-12-10 | N/A | 7.8 HIGH |
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. | |||||
CVE-2022-36584 | 1 Tenda | 2 G3, G3 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf. | |||||
CVE-2022-38221 | 3 Linux, Microsoft, The Isle Evrima Project | 3 Linux Kernel, Windows, The Isle Evrima | 2023-12-10 | N/A | 9.8 CRITICAL |
A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary code. | |||||
CVE-2021-34055 | 2 Debian, Jhead Project | 2 Debian Linux, Jhead | 2023-12-10 | N/A | 7.8 HIGH |
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. | |||||
CVE-2022-24022 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2023-12-10 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the pannn binary. | |||||
CVE-2021-34987 | 1 Parallels | 1 Parallels Desktop | 2023-12-10 | N/A | 8.2 HIGH |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the HDAudio virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-14969. | |||||
CVE-2022-36525 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main. | |||||
CVE-2022-24011 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2023-12-10 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the device_list binary. | |||||
CVE-2021-34566 | 1 Wago | 98 750-8100, 750-8100 Firmware, 750-8101 and 95 more | 2023-12-10 | N/A | 9.1 CRITICAL |
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. | |||||
CVE-2022-25686 | 1 Qualcomm | 213 Apq8017, Apq8017 Firmware, Apq8053 and 210 more | 2023-12-10 | N/A | 9.8 CRITICAL |
Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
CVE-2022-24013 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2023-12-10 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the gpio_ctrl binary. | |||||
CVE-2022-0324 | 1 Linuxfoundation | 1 Software For Open Networking In The Cloud | 2023-12-10 | N/A | 7.5 HIGH |
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore. | |||||
CVE-2022-41480 | 1 Tenda | 2 Ac6, Ac6v2.0 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
CVE-2022-36293 | 1 Nintendo | 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware | 2023-12-10 | N/A | 7.2 HIGH |
Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors. | |||||
CVE-2022-33217 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2023-12-10 | N/A | 7.8 HIGH |
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile |