Total
9529 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26771 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-24058 | 1 Santesoft | 1 Dicom Viewer Pro | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15095. | |||||
CVE-2022-29399 | 1 Totolink | 2 N600r, N600r Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. | |||||
CVE-2022-27419 | 1 Rtl 433 Project | 1 Rtl 433 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
CVE-2022-25445 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | |||||
CVE-2022-30475 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. | |||||
CVE-2022-0610 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-30926 | 1 H3c | 2 Magic R100, Magic R100 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. | |||||
CVE-2022-24369 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16087. | |||||
CVE-2021-3610 | 3 Fedoraproject, Imagemagick, Redhat | 3 Fedora, Imagemagick, Enterprise Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. | |||||
CVE-2020-14125 | 1 Mi | 3 Miui, Redmi Note 11, Redmi Note 9t | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service. | |||||
CVE-2022-22613 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-20147 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105 | |||||
CVE-2022-25561 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | |||||
CVE-2022-30665 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-25790 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution. | |||||
CVE-2022-28966 | 1 Wasm3 Project | 1 Wasm3 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c). | |||||
CVE-2022-25428 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. | |||||
CVE-2021-39732 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205992503References: N/A | |||||
CVE-2021-4100 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |