Vulnerabilities (CVE)

Filtered by CWE-787
Total 5698 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30910 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm.
CVE-2022-30912 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm.
CVE-2022-30913 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm.
CVE-2022-30914 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm.
CVE-2022-30918 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm.
CVE-2022-30919 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm.
CVE-2022-30915 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm.
CVE-2022-30916 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm.
CVE-2022-30917 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm.
CVE-2022-30920 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm.
CVE-2022-30921 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm.
CVE-2022-30923 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm.
CVE-2022-30922 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm.
CVE-2022-30924 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.
CVE-2022-30925 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm.
CVE-2022-30926 1 H3c 2 Magic R100, Magic R100 Firmware 2022-06-14 10.0 HIGH 9.8 CRITICAL
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm.
CVE-2021-39275 5 Apache, Debian, Fedoraproject and 2 more 7 Http Server, Debian Linux, Fedora and 4 more 2022-06-14 7.5 HIGH 9.8 CRITICAL
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-4034 4 Canonical, Polkit Project, Redhat and 1 more 24 Ubuntu Linux, Polkit, Enterprise Linux and 21 more 2022-06-14 7.2 HIGH 7.8 HIGH
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVE-2021-44000 1 Siemens 3 Jt2go, Solid Edge, Teamcenter Visualization 2022-06-14 6.8 MEDIUM 7.8 HIGH
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)
CVE-2019-5187 1 Accusoft 1 Imagegear 2022-06-13 6.8 MEDIUM 8.8 HIGH
An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.