Total: 9629 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29616 | 1 Sap | 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | |||||
CVE-2022-25439 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | |||||
CVE-2022-28082 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. | |||||
CVE-2022-26988 | 3 Fastcom, Mercusys, Tp-link | 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution. | |||||
CVE-2022-30040 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In /goform/setsystimecfg of /bin/tdhttpd in ubif file system; attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, a stack buffer overflow can be caused, resulting in a router denial of service. | |||||
CVE-2022-29077 | 1 Ripple | 1 Rippled | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat. | |||||
CVE-2022-24456 | 1 Microsoft | 1 Hevc Video Extensions | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
HEVC Video Extensions Remote Code Execution Vulnerability | |||||
CVE-2021-46568 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15030. | |||||
CVE-2022-28825 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-24059 | 1 Santesoft | 1 Dicom Viewer Pro | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15098. | |||||
CVE-2022-1286 | 1 Mruby | 1 Mruby | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap buffer overflow in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if exploited. | |||||
CVE-2021-21942 | 1 Accusoft | 1 Imagegear | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-20702 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-44339 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in "/ok_png.c:712". | |||||
CVE-2022-25452 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. | |||||
CVE-2022-28272 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-37354 | 1 Xerox | 2 Phaser 4622, Phaser 4622 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||||
CVE-2022-20105 | 3 Google, Linux, Mediatek | 38 Android, Linux Kernel, Mt9011 and 35 more | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460. | |||||
CVE-2022-25437 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | |||||
CVE-2022-30293 | 2 Debian, Webkitgtk | 2 Debian Linux, Webkitgtk | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. |