Total
9629 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22274 | 1 Sonicwall | 33 Nsa 2700, Nsa 3700, Nsa 4700 and 30 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. | |||||
CVE-2022-20825 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability. | |||||
CVE-2021-38578 | 2 Insyde, Tianocore | 2 Kernel, Edk2 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | |||||
CVE-2022-1350 | 1 Artifex | 1 Ghostpcl | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue. | |||||
CVE-2021-39736 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995773References: N/A | |||||
CVE-2021-39721 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195726151References: N/A | |||||
CVE-2022-27791 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a stack-based buffer overflow vulnerability due to insecure processing of a font, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file | |||||
CVE-2022-20028 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198663; Issue ID: ALPS06198663. | |||||
CVE-2022-24578 | 1 Gpac | 1 Gpac | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c. | |||||
CVE-2022-30923 | 1 H3c | 2 Magic R100, Magic R100 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. | |||||
CVE-2021-30341 | 1 Qualcomm | 240 Apq8009w, Apq8009w Firmware, Apq8096au and 237 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | |||||
CVE-2022-0676 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
CVE-2022-22584 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
CVE-2022-20047 | 2 Google, Mediatek | 11 Android, Mt5816, Mt5835 and 8 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489. | |||||
CVE-2022-28276 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-30916 | 1 H3c | 2 Magic R100, Magic R100 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. | |||||
CVE-2022-27783 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. | |||||
CVE-2022-29322 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | |||||
CVE-2022-21753 | 2 Google, Mediatek | 40 Android, Mt6580, Mt6735 and 37 more | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493899. | |||||
CVE-2021-30771 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution. |