Total
2430 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37840 | 1 Totolink | 2 A860r, A860r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability. | |||||
| CVE-2021-4214 | 3 Debian, Libpng, Netapp | 3 Debian Linux, Libpng, Ontap Select Deploy Administration Utility | 2024-02-28 | N/A | 5.5 MEDIUM |
| A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. | |||||
| CVE-2022-39244 | 1 Pjsip | 1 Pjsip | 2024-02-28 | N/A | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-34823 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-02-28 | N/A | 9.8 CRITICAL |
| Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | |||||
| CVE-2022-26649 | 1 Siemens | 58 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 55 more | 2024-02-28 | 7.8 HIGH | 9.6 CRITICAL |
| A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices. | |||||
| CVE-2022-32406 | 1 Gtkradiant Project | 1 Gtkradiant | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file. | |||||
| CVE-2022-24005 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-02-28 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the ap_steer binary. | |||||
| CVE-2022-37888 | 2 Arubanetworks, Siemens | 56 Ap-103, Ap-114, Ap-115 and 53 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities. | |||||
| CVE-2022-38510 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2024-02-28 | N/A | 7.8 HIGH |
| Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. | |||||
| CVE-2022-20902 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2024-02-28 | N/A | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
| CVE-2022-36293 | 1 Nintendo | 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors. | |||||
| CVE-2022-20895 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2024-02-28 | N/A | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | |||||
| CVE-2022-24793 | 2 Debian, Pjsip | 2 Debian Linux, Pjsip | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead. | |||||
| CVE-2022-23188 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted malicious file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted malicious file in Illustrator. | |||||
| CVE-2022-22082 | 1 Qualcomm | 305 Apq8009, Apq8009 Firmware, Apq8009w and 302 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2022-31482 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless. | |||||
| CVE-2022-28463 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. | |||||
| CVE-2021-41751 | 1 Jerryscript | 1 Jerryscript | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021. | |||||
| CVE-2022-22593 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-43303 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied | |||||