Total
9606 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-46699 | 1 Siemens | 1 Simcenter Femap | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061) | |||||
CVE-2021-26623 | 2 Bandisoft, Microsoft | 2 Bandizip, Windows | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function. | |||||
CVE-2020-36518 | 4 Debian, Fasterxml, Netapp and 1 more | 36 Debian Linux, Jackson-databind, Active Iq Unified Manager and 33 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | |||||
CVE-2021-38278 | 1 Tendacn | 2 Ac10, Ac10 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. | |||||
CVE-2022-22640 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-29776 | 1 Onlyoffice | 2 Core, Document Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | |||||
CVE-2022-26952 | 1 Digi | 2 Passport, Passport Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | |||||
CVE-2022-26768 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-43722 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. | |||||
CVE-2022-0891 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact | |||||
CVE-2022-28971 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS). | |||||
CVE-2022-33087 | 1 Tp-link | 4 Archer A5, Archer A5 Firmware, Archer C50 and 1 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
CVE-2022-27016 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn. | |||||
CVE-2022-0435 | 5 Fedoraproject, Linux, Netapp and 2 more | 37 Fedora, Linux Kernel, H300e and 34 more | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. | |||||
CVE-2022-25550 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter. | |||||
CVE-2022-27869 | 1 Autodesk | 1 Autocad | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code. | |||||
CVE-2021-44331 | 1 Arm | 1 Adaptive Scalable Texture Compression Encoder | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). | |||||
CVE-2021-26252 | 3 Fedoraproject, Htmldoc Project, Redhat | 3 Fedora, Htmldoc, Enterprise Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service. | |||||
CVE-2021-30333 | 1 Qualcomm | 258 Apq8009w, Apq8009w Firmware, Apq8017 and 255 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2021-44488 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application. |