Vulnerabilities (CVE)

Filtered by CWE-787
Total 12288 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29393 1 Totolink 2 N600r, N600r Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc.
CVE-2022-29392 1 Totolink 2 N600r, N600r Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24.
CVE-2022-29391 1 Totolink 2 N600r, N600r Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8.
CVE-2022-29379 1 F5 1 Njs 2024-11-21 7.5 HIGH 9.8 CRITICAL
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release
CVE-2022-29377 1 Totolink 2 A3600r, A3600r Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH.
CVE-2022-29329 1 Dlink 2 Dap-1330, Dap-1330 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.
CVE-2022-29328 1 Dlink 2 Dap-1330, Dap-1330 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.
CVE-2022-29327 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.
CVE-2022-29326 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.
CVE-2022-29325 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.
CVE-2022-29324 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.
CVE-2022-29323 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.
CVE-2022-29322 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.
CVE-2022-29321 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.
CVE-2022-29210 1 Google 1 Tensorflow 2024-11-21 2.1 LOW 5.5 MEDIUM
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1.
CVE-2022-29208 1 Google 1 Tensorflow 2024-11-21 3.6 LOW 7.1 HIGH
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
CVE-2022-29077 1 Ripple 1 Rippled 2024-11-21 7.5 HIGH 9.8 CRITICAL
A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat.
CVE-2022-28998 1 Xlightftpd 1 Xlight Ftp 2024-11-21 5.5 MEDIUM 8.1 HIGH
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.
CVE-2022-28990 1 Wasm3 Project 1 Wasm3 2024-11-21 4.6 MEDIUM 7.8 HIGH
WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm.
CVE-2022-28973 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).