Total: 13459 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32324 | 1 Pdfalto Project | 1 Pdfalto | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. |
| CVE-2022-32323 | 2 Autotrace Project, Fedoraproject | 2 Autotrace, Fedora | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
| AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. |
| CVE-2022-32292 | 2 Debian, Intel | 2 Debian Linux, Connman | 2024-11-21 | N/A | 9.8 CRITICAL |
| In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. |
| CVE-2022-32234 | 1 Facebook | 1 Hermes | 2024-11-21 | N/A | 9.8 CRITICAL |
| An out-of-bounds write in Hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. |
| CVE-2022-32117 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | N/A | 7.8 HIGH |
| Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. |
| CVE-2022-32053 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. |
| CVE-2022-32052 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. |
| CVE-2022-32051 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. |
| CVE-2022-32050 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. |
| CVE-2022-32049 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. |
| CVE-2022-32048 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. |
| CVE-2022-32047 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. |
| CVE-2022-32046 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. |
| CVE-2022-32045 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. |
| CVE-2022-32044 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. |
| CVE-2022-32043 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. |
| CVE-2022-32041 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. |
| CVE-2022-32040 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. |
| CVE-2022-32039 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. |
| CVE-2022-32037 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. |
| CVE-2022-32036 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. |
| CVE-2022-32035 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. |
| CVE-2022-32034 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. |
| CVE-2022-32033 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. |
| CVE-2022-32032 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. |
| CVE-2022-32031 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. |
| CVE-2022-32030 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. |
| CVE-2022-31810 | 1 Siemens | 1 Sipass Integrated | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow. This could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition. |
| CVE-2022-31783 | 2 Fedoraproject, Liblouis | 2 Fedora, Liblouis | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. |
| CVE-2022-31782 | 1 Freedesktop | 1 Freetype Demo Programs | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. |
| CVE-2022-31705 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-11-21 | N/A | 8.2 HIGH |
| VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. |
| CVE-2022-31627 | 1 Php | 1 Php | 2024-11-21 | N/A | 7.7 HIGH |
| In PHP versions 8.1.x below 8.1.8, when fileinfo functions such as finfo_buffer are used, an incorrect function may be used to free allocated memory, due to an incorrect patch applied to the third-party code from libmagic, which may lead to heap corruption. |
| CVE-2022-31610 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. |
| CVE-2022-31606 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. |
| CVE-2022-31602 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. |
| CVE-2022-31601 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. |
| CVE-2022-31226 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2024-11-21 | N/A | 7.1 HIGH |
| Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system. |
| CVE-2022-31144 | 1 Redis | 1 Redis | 2024-11-21 | N/A | 7.0 HIGH |
| Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4. |
| CVE-2022-31054 | 1 Argo Events Project | 1 Argo Events | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1. |
| CVE-2022-31003 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of an SDP message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil SDP to FreeSWITCH, causing a crash or a more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue. |