Total
2430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39003 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | N/A | 9.1 CRITICAL |
Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components. | |||||
CVE-2022-25708 | 1 Qualcomm | 34 Sd888 5g, Sd888 5g Firmware, Sd 8 Gen1 5g Firmware and 31 more | 2024-02-28 | N/A | 9.8 CRITICAL |
Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile | |||||
CVE-2022-24008 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the confcli binary. | |||||
CVE-2022-31209 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand. | |||||
CVE-2022-20892 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2024-02-28 | N/A | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
CVE-2022-37889 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | |||||
CVE-2022-24010 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the cwmpd binary. | |||||
CVE-2022-38573 | 1 10-strike | 1 Network Inventory Explorer | 2024-02-28 | N/A | 9.8 CRITICAL |
10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function. | |||||
CVE-2022-25687 | 1 Qualcomm | 362 Apq8009, Apq8009 Firmware, Apq8009w and 359 more | 2024-02-28 | N/A | 9.8 CRITICAL |
memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2022-36584 | 1 Tenda | 2 G3, G3 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf. | |||||
CVE-2022-37890 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | |||||
CVE-2022-22728 | 3 Apache, Debian, Fedoraproject | 3 Libapreq2, Debian Linux, Fedora | 2024-02-28 | N/A | 7.5 HIGH |
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | |||||
CVE-2022-35161 | 1 Generalized Electric Vehicle Reverse Engineering Tool Project | 1 Generalized Electric Vehicle Reverse Engineering Tool | 2024-02-28 | N/A | 9.8 CRITICAL |
GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp. | |||||
CVE-2022-32788 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-28 | N/A | 9.8 CRITICAL |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution. | |||||
CVE-2022-23747 | 1 Sony | 6 Xperia 1, Xperia 1 Firmware, Xperia 5 and 3 more | 2024-02-28 | N/A | 9.8 CRITICAL |
In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. | |||||
CVE-2022-22683 | 1 Synology | 3 Diskstation Manager, Media Server, Router Manager | 2024-02-28 | N/A | 9.8 CRITICAL |
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2022-34756 | 1 Schneider-electric | 2 Easergy P5, Easergy P5 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior) | |||||
CVE-2022-34973 | 1 Dlink | 2 Dir820la1, Dir820la1 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. | |||||
CVE-2022-27612 | 1 Synology | 1 Audio Station | 2024-02-28 | N/A | 9.8 CRITICAL |
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2022-26528 | 3 Google, Linux, Realtek | 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit | 2024-02-28 | N/A | 6.5 MEDIUM |
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. |