Total
2146 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-4207 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2023-12-10 | 4.6 MEDIUM | 8.2 HIGH |
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | |||||
CVE-2022-22634 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-26752 | 1 Apple | 1 Macos | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-21967 | 1 Sealevel | 2 Seaconnect 370w, Seaconnect 370w Firmware | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
CVE-2021-44343 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in "/ok_png.c". | |||||
CVE-2022-30033 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. | |||||
CVE-2021-32968 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. | |||||
CVE-2020-16232 | 1 Yokogawa | 1 Widefield3 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file. | |||||
CVE-2020-22845 | 1 Mikrotik | 1 Routeros | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. | |||||
CVE-2022-26642 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | |||||
CVE-2022-22082 | 1 Qualcomm | 305 Apq8009, Apq8009 Firmware, Apq8009w and 302 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2022-30950 | 1 Jenkins | 1 Wmi Windows Agents | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. | |||||
CVE-2021-42728 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. | |||||
CVE-2021-22824 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) | |||||
CVE-2021-44627 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | |||||
CVE-2022-28463 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. | |||||
CVE-2022-22333 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133. | |||||
CVE-2021-30327 | 1 Qualcomm | 158 Apq8097, Apq8097 Firmware, Apq8098 and 155 more | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music | |||||
CVE-2022-23203 | 1 Adobe | 1 Photoshop | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Photoshop. | |||||
CVE-2021-41794 | 1 Open5gs | 1 Open5gs | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer. |