Total
2430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45651 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function. | |||||
CVE-2022-39067 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. | |||||
CVE-2022-24017 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the miniupnpd binary. | |||||
CVE-2022-43365 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
CVE-2022-2211 | 2 Libguestfs, Redhat | 2 Libguestfs, Enterprise Linux | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor. | |||||
CVE-2022-33217 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2024-02-28 | N/A | 7.8 HIGH |
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile | |||||
CVE-2022-32096 | 1 Rhonabwy Project | 1 Rhonabwy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token. | |||||
CVE-2022-37887 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | |||||
CVE-2021-34236 | 1 Netgear | 2 R8000, R8000 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently long parameter 'register_country'. | |||||
CVE-2022-25688 | 1 Qualcomm | 299 Apq8009, Apq8009 Firmware, Apq8009w and 296 more | 2024-02-28 | N/A | 9.8 CRITICAL |
Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2022-20911 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2024-02-28 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
CVE-2022-20890 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-02-28 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
CVE-2022-41484 | 1 Tenda | 2 Ap500, Ap500v1 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
CVE-2022-24018 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the multiWAN binary. | |||||
CVE-2022-36588 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. | |||||
CVE-2022-24024 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the rtk_ate binary. | |||||
CVE-2022-40112 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-02-28 | N/A | 7.5 HIGH |
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa. | |||||
CVE-2022-24019 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the netctrl binary. | |||||
CVE-2022-38236 | 1 Xpdf Project | 1 Xpdf | 2024-02-28 | N/A | 7.8 HIGH |
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc. | |||||
CVE-2022-39047 | 1 Freeciv | 1 Freeciv | 2024-02-28 | N/A | 8.8 HIGH |
Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL. |