Total
9526 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28085 | 1 Htmldoc Project | 1 Htmldoc | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). | |||||
CVE-2022-27286 | 1 Dlink | 2 Dir-619 Ax, Dir-619 Ax Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
CVE-2022-25788 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code. | |||||
CVE-2021-42195 | 1 Swftools | 1 Swftools | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code Execution. | |||||
CVE-2022-1943 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially | |||||
CVE-2022-28193 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2023-12-10 | 4.6 MEDIUM | 5.6 MEDIUM |
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. | |||||
CVE-2021-30322 | 1 Qualcomm | 196 Aqt1000, Aqt1000 Firmware, Ar8035 and 193 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
CVE-2022-25465 | 1 Espruino | 1 Espruino | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. | |||||
CVE-2021-44048 | 1 Opendesign | 1 Drawings Explorer | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
CVE-2021-44046 | 1 Opendesign | 1 Prc Sdk | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
CVE-2021-39558 | 1 Swftools | 1 Swftools | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::drawGeneralImage() located in VectorGraphicOutputDev.cc. It allows an attacker to cause code Execution. | |||||
CVE-2021-43983 | 1 We-con | 1 Levistudiou | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to multiple stack-based buffer overflow instances while parsing project files, which may allow an attacker to execute arbitrary code. | |||||
CVE-2021-38419 | 1 Fujielectric | 2 V-server, V-simulator | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution. | |||||
CVE-2021-30291 | 1 Qualcomm | 180 Apq8017, Apq8017 Firmware, Apq8053 and 177 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | |||||
CVE-2021-34905 | 1 Bentley | 2 Bentley View, Microstation | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14878. | |||||
CVE-2021-1762 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
CVE-2021-38691 | 1 Qnap | 3 Qvr Elite, Qvr Guard, Qvr Pro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later | |||||
CVE-2021-38013 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2021-31986 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2023-12-10 | 4.0 MEDIUM | 6.8 MEDIUM |
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | |||||
CVE-2021-44002 | 1 Siemens | 5 Jt2go, Jt Open Toolkit, Jt Utilities and 2 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077) |