Total
2128 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30309 | 1 Qualcomm | 86 Mdm9650, Mdm9650 Firmware, Qca6174a and 83 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
CVE-2022-27242 | 1 Siemens | 1 Openv2g | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. | |||||
CVE-2022-28994 | 1 Smallsrv | 1 Small Http Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. | |||||
CVE-2022-27387 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. | |||||
CVE-2021-22394 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. | |||||
CVE-2021-35129 | 1 Qualcomm | 90 Ar8035, Ar8035 Firmware, Ipq5010 and 87 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2022-24313 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
CVE-2022-26742 | 1 Apple | 1 Macos | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-30067 | 1 Gimp | 1 Gimp | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. | |||||
CVE-2022-26243 | 1 Tendacn | 2 Ac10, Ac10 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. | |||||
CVE-2021-44493 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. | |||||
CVE-2021-42863 | 1 Jerryscript | 1 Jerryscript | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size. | |||||
CVE-2022-22687 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2022-26981 | 3 Apple, Fedoraproject, Liblouis | 7 Ipados, Iphone Os, Macos and 4 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). | |||||
CVE-2022-30767 | 2 Denx, Fedoraproject | 2 U-boot, Fedora | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. | |||||
CVE-2022-29797 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation. | |||||
CVE-2022-27881 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation. | |||||
CVE-2022-27240 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. | |||||
CVE-2021-43619 | 1 Arm | 1 Trusted Firmware-m | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. | |||||
CVE-2022-22281 | 1 Sonicwall | 1 Netextender | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. |