Total
2430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44630 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | |||||
CVE-2021-35081 | 1 Qualcomm | 146 Aqt1000, Aqt1000 Firmware, Ar8035 and 143 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
CVE-2022-26642 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | |||||
CVE-2022-31481 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. | |||||
CVE-2021-42728 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. | |||||
CVE-2021-40056 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2022-24754 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. | |||||
CVE-2021-35104 | 1 Qualcomm | 352 Apq8009w, Apq8009w Firmware, Apq8017 and 349 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2022-26490 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | |||||
CVE-2022-30950 | 1 Jenkins | 1 Wmi Windows Agents | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. | |||||
CVE-2022-23187 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. | |||||
CVE-2021-35129 | 1 Qualcomm | 90 Ar8035, Ar8035 Firmware, Ipq5010 and 87 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2021-41413 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB. | |||||
CVE-2022-22634 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-1328 | 3 Debian, Fedoraproject, Mutt | 3 Debian Linux, Fedora, Mutt | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | |||||
CVE-2022-30067 | 1 Gimp | 1 Gimp | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. | |||||
CVE-2021-45757 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). | |||||
CVE-2021-22275 | 1 Br-automation | 1 Automation Runtime | 2024-02-28 | 7.8 HIGH | 8.6 HIGH |
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service. | |||||
CVE-2022-28480 | 1 Allmediaserver | 1 Allmediaserver | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. | |||||
CVE-2022-24704 | 1 Accel-ppp | 1 Accel-ppp | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered. |