Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28998 | 1 Xlightftpd | 1 Xlight Ftp | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.
|
|||||
| CVE-2022-28990 | 1 Wasm3 Project | 1 Wasm3 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm.
|
|||||
| CVE-2022-28973 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).
|
|||||
| CVE-2022-28972 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS).
|
|||||
| CVE-2022-28971 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS).
|
|||||
| CVE-2022-28970 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS).
|
|||||
| CVE-2022-28969 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS).
|
|||||
| CVE-2022-28966 | 1 Wasm3 Project | 1 Wasm3 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c).
|
|||||
| CVE-2022-28917 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp.
|
|||||
| CVE-2022-28874 | 4 Apple, F-secure, Microsoft and 1 more | 7 Macos, Atlant, Elements Endpoint Protection and 4 more | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
|
|||||
| CVE-2022-28853 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28852 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28848 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28847 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28846 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28845 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28844 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28843 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28841 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28840 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28839 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28836 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28834 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28833 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28831 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28829 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28828 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28827 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28826 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28825 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28822 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28821 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28819 | 3 Adobe, Apple, Microsoft | 3 Character Animator, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file.
|
|||||
| CVE-2022-28772 | 1 Sap | 2 Netweaver, Web Dispatcher | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
|
|||||
| CVE-2022-28750 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | N/A | 7.5 HIGH |
|
Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code.
|
|||||
| CVE-2022-28737 | 1 Redhat | 1 Shim | 2024-11-21 | N/A | 6.5 MEDIUM |
|
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
|
|||||
| CVE-2022-28734 | 2 Gnu, Netapp | 2 Grub2, Active Iq Unified Manager | 2024-11-21 | N/A | 8.1 HIGH |
|
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
|
|||||
| CVE-2022-28711 | 1 Ardupilot | 1 Apweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
|
|||||
| CVE-2022-28690 | 1 Hornerautomation | 1 Cscape | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2022-28668 | 1 Santesoft | 1 Dicom Viewer Pro | 2024-11-21 | N/A | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vu ...
Show More |
|||||