Total
9606 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27793 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-27570 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | |||||
| CVE-2022-27184 | 1 Hornerautomation | 1 Cscape | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-26769 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-33137 | 1 Intel | 1 Kernelflinger | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-22597 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
| CVE-2022-30921 | 1 H3c | 2 Magic R100, Magic R100 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. | |||||
| CVE-2022-30786 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | |||||
| CVE-2022-24105 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious U3D file. | |||||
| CVE-2022-25459 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. | |||||
| CVE-2021-46639 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15511. | |||||
| CVE-2022-28827 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-46646 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15532. | |||||
| CVE-2022-29326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | |||||
| CVE-2022-31054 | 1 Argo Events Project | 1 Argo Events | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1. | |||||
| CVE-2022-29321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | |||||
| CVE-2014-125003 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2021-40058 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2022-28273 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-27784 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. | |||||