Total
1428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0770 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | N/A | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. | |||||
| CVE-2023-0426 | 1 Abb | 6 Ac700f, Ac700f Firmware, Ac900f and 3 more | 2024-11-21 | N/A | 8.6 HIGH |
| ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019 , through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1. | |||||
| CVE-2023-0250 | 1 Deltaww | 1 Diascreen | 2024-11-21 | N/A | 7.8 HIGH |
| Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2022-47936 | 1 Siemens | 3 Jt Open Toolkit, Jt Utilities, Parasolid | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2022-47065 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-43630 | 1 Dlink | 2 Dir-1935, Dir-1935 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16150. | |||||
| CVE-2022-43625 | 1 Dlink | 2 Dir-1935, Dir-1935 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the web management portal. When parsing the NetMask element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16144. | |||||
| CVE-2022-43622 | 1 Dlink | 2 Dir-1935, Dir-1935 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When parsing the HNAP_AUTH header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16139. | |||||
| CVE-2022-43613 | 1 Corel | 1 Coreldraw | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. When parsing CGM files, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16356. | |||||
| CVE-2022-41981 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-11-21 | N/A | 8.1 HIGH |
| A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-3324 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. | |||||
| CVE-2022-3296 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. | |||||
| CVE-2022-3085 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-11-21 | N/A | 7.8 HIGH |
| Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-35867 | 1 Xhyve Project | 1 Xhyve | 2024-11-21 | N/A | 6.7 MEDIUM |
| This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056. | |||||
| CVE-2022-35299 | 1 Sap | 2 Sap Iq, Sql Anywhere | 2024-11-21 | N/A | 9.8 CRITICAL |
| SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | |||||
| CVE-2022-33279 | 1 Qualcomm | 148 Ar9380, Ar9380 Firmware, Csr8811 and 145 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length. | |||||
| CVE-2022-33264 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8953pro and 481 more | 2024-11-21 | N/A | 7.9 HIGH |
| Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | |||||
| CVE-2022-33260 | 1 Qualcomm | 92 Aqt1000, Aqt1000 Firmware, Qam8295p and 89 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| Memory corruption due to stack based buffer overflow in core while sending command from USB of large size. | |||||
| CVE-2022-33213 | 1 Qualcomm | 418 Apq8009, Apq8009 Firmware, Apq8009w and 415 more | 2024-11-21 | N/A | 7.5 HIGH |
| Memory corruption in modem due to buffer overflow while processing a PPP packet | |||||
| CVE-2022-32502 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | |||||