Total
2573 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24011 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the device_list binary. | |||||
| CVE-2022-25724 | 1 Qualcomm | 402 Apq8009, Apq8009 Firmware, Apq8009w and 399 more | 2024-02-28 | N/A | 7.8 HIGH |
| Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2022-35192 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
| D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. | |||||
| CVE-2022-24015 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the log_upload binary. | |||||
| CVE-2022-24025 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the sntp binary. | |||||
| CVE-2022-0324 | 1 Linuxfoundation | 1 Software For Open Networking In The Cloud | 2024-02-28 | N/A | 7.5 HIGH |
| There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore. | |||||
| CVE-2022-26527 | 3 Google, Linux, Realtek | 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit | 2024-02-28 | N/A | 6.5 MEDIUM |
| Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. | |||||
| CVE-2022-24016 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the mesh_status_check binary. | |||||
| CVE-2022-24007 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the cfm binary. | |||||
| CVE-2022-37842 | 1 Totolink | 2 A860r, A860r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability. | |||||
| CVE-2021-23159 | 1 Sox Project | 1 Sox | 2024-02-28 | N/A | 5.5 MEDIUM |
| A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. | |||||
| CVE-2022-20893 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2024-02-28 | N/A | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
| CVE-2021-39999 | 1 Huawei | 2 Ese620x Vess, Ese620x Vess Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SPC200 and V100R001C20SPC200. An attacker can exploit this vulnerability by sending a specific message to the target device due to insufficient validation of packets. Successful exploit could cause a denial of service condition. | |||||
| CVE-2022-24006 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the arpbrocast binary. | |||||
| CVE-2022-24012 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the fota binary. | |||||
| CVE-2022-38221 | 3 Linux, Microsoft, The Isle Evrima Project | 3 Linux Kernel, Windows, The Isle Evrima | 2024-02-28 | N/A | 9.8 CRITICAL |
| A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary code. | |||||
| CVE-2022-35011 | 1 Pngdec Project | 1 Pngdec | 2024-02-28 | N/A | 8.8 HIGH |
| PNGDec commit 8abf6be was discovered to contain a global buffer overflow via inflate_fast at /src/inffast.c. | |||||
| CVE-2022-20901 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2024-02-28 | N/A | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
| CVE-2022-20889 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-02-28 | N/A | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
| CVE-2022-39377 | 3 Debian, Fedoraproject, Sysstat Project | 3 Debian Linux, Fedora, Sysstat | 2024-02-28 | N/A | 7.8 HIGH |
| sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | |||||