Total
2144 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34566 | 1 Wago | 98 750-8100, 750-8100 Firmware, 750-8101 and 95 more | 2023-12-10 | N/A | 9.1 CRITICAL |
| In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. | |||||
| CVE-2022-25686 | 1 Qualcomm | 213 Apq8017, Apq8017 Firmware, Apq8053 and 210 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-24013 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2023-12-10 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the gpio_ctrl binary. | |||||
| CVE-2022-0324 | 1 Linuxfoundation | 1 Software For Open Networking In The Cloud | 2023-12-10 | N/A | 7.5 HIGH |
| There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore. | |||||
| CVE-2022-41480 | 1 Tenda | 2 Ac6, Ac6v2.0 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2022-36293 | 1 Nintendo | 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware | 2023-12-10 | N/A | 7.2 HIGH |
| Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors. | |||||
| CVE-2022-33217 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2023-12-10 | N/A | 7.8 HIGH |
| Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile | |||||
| CVE-2022-32491 | 1 Dell | 580 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 577 more | 2023-12-10 | N/A | 7.8 HIGH |
| Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM. | |||||
| CVE-2022-3786 | 3 Fedoraproject, Nodejs, Openssl | 3 Fedora, Node.js, Openssl | 2023-12-10 | N/A | 7.5 HIGH |
| A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. | |||||
| CVE-2022-24015 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2023-12-10 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the log_upload binary. | |||||
| CVE-2022-35192 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. | |||||
| CVE-2022-37887 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | |||||
| CVE-2022-39377 | 3 Debian, Fedoraproject, Sysstat Project | 3 Debian Linux, Fedora, Sysstat | 2023-12-10 | N/A | 7.8 HIGH |
| sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | |||||
| CVE-2022-35003 | 1 Bitbanksoftware | 1 Jpegdec | 2023-12-10 | N/A | 7.8 HIGH |
| JPEGDEC commit be4843c was discovered to contain a global buffer overflow via ucDitherBuffer at /src/jpeg.inl. | |||||
| CVE-2022-24023 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2023-12-10 | N/A | 8.8 HIGH |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the pppd binary. | |||||
| CVE-2022-41482 | 1 Tenda | 2 Ac6, Ac6v2.0 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2022-37055 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, | |||||
| CVE-2022-20899 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2023-12-10 | N/A | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
| CVE-2022-39244 | 1 Pjsip | 1 Pjsip | 2023-12-10 | N/A | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-24007 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2023-12-10 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the cfm binary. | |||||