Total
2901 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41981 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | N/A | 8.1 HIGH |
|
A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2022-41854 | 2 Fedoraproject, Snakeyaml Project | 2 Fedora, Snakeyaml | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
|
|||||
| CVE-2022-41664 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code ...
Show More |
|||||
| CVE-2022-41140 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in ...
Show More |
|||||
| CVE-2022-40718 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the c ...
Show More |
|||||
| CVE-2022-40717 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the c ...
Show More |
|||||
| CVE-2022-40160 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | N/A | 6.5 MEDIUM |
|
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.
|
|||||
| CVE-2022-40159 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | N/A | 6.5 MEDIUM |
|
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.
|
|||||
| CVE-2022-40149 | 2 Debian, Jettison Project | 2 Debian Linux, Jettison | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
|
|||||
| CVE-2022-3409 | 1 Openbmc-project | 1 Openbmc | 2024-11-21 | N/A | 8.2 HIGH |
|
A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple ti ...
Show More |
|||||
| CVE-2022-3386 | 1 Advantech | 1 R-seenet | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.
|
|||||
| CVE-2022-3385 | 1 Advantech | 1 R-seenet | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.
|
|||||
| CVE-2022-3296 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
|
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
|
|||||
| CVE-2022-3228 | 1 Hosteng | 2 H0-ecom100, H0-ecom100 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive.
|
|||||
| CVE-2022-3159 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | N/A | 7.8 HIGH |
|
The APDFL.dll contains a stack-based buffer overflow vulnerability that
could be triggered while parsing specially crafted PDF files. This could
allow an attacker to execute code in the context of the current
process.
|
|||||
| CVE-2022-3085 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-11-21 | N/A | 7.8 HIGH |
|
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2022-38752 | 1 Snakeyaml Project | 1 Snakeyaml | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
|
|||||
| CVE-2022-38751 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
|
|||||
| CVE-2022-38750 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
|
|||||
| CVE-2022-38749 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
|
|||||
| CVE-2022-38450 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-37398 | 1 Asustor | 1 Adm | 2024-11-21 | N/A | 7.1 HIGH |
|
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.
|
|||||
| CVE-2022-35867 | 1 Xhyve Project | 1 Xhyve | 2024-11-21 | N/A | 6.7 MEDIUM |
|
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges ...
Show More |
|||||
| CVE-2022-35710 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.
|
|||||
| CVE-2022-35690 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.
|
|||||
| CVE-2022-35299 | 1 Sap | 2 Sap Iq, Sql Anywhere | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.
|
|||||
| CVE-2022-34884 | 1 Lenovo | 196 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 193 more | 2024-11-21 | N/A | 7.2 HIGH |
|
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.
|
|||||
| CVE-2022-34667 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2024-11-21 | N/A | 4.4 MEDIUM |
|
NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user.
|
|||||
| CVE-2022-34403 | 1 Dell | 166 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 163 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.
|
|||||
| CVE-2022-34401 | 1 Dell | 6 Alienware M15 A6, Alienware M15 A6 Firmware, Alienware M17 R5 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.
|
|||||
| CVE-2022-33871 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 6.6 MEDIUM |
|
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.
|
|||||
| CVE-2022-33279 | 1 Qualcomm | 148 Ar9380, Ar9380 Firmware, Csr8811 and 145 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.
|
|||||
| CVE-2022-33264 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8953pro and 481 more | 2024-11-21 | N/A | 7.9 HIGH |
|
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.
|
|||||
| CVE-2022-33260 | 1 Qualcomm | 92 Aqt1000, Aqt1000 Firmware, Qam8295p and 89 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.
|
|||||
| CVE-2022-33213 | 1 Qualcomm | 418 Apq8009, Apq8009 Firmware, Apq8009w and 415 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Memory corruption in modem due to buffer overflow while processing a PPP packet
|
|||||
| CVE-2022-32502 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
|
An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.
|
|||||
| CVE-2022-32493 | 1 Dell | 580 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 577 more | 2024-11-21 | N/A | 6.0 MEDIUM |
|
Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
|
|||||
| CVE-2022-32454 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability.
|
|||||
| CVE-2022-31226 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2024-11-21 | N/A | 7.1 HIGH |
|
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.
|
|||||
| CVE-2022-30306 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 6.6 MEDIUM |
|
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.
|
|||||