Total
12288 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29393 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. | |||||
CVE-2022-29392 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. | |||||
CVE-2022-29391 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. | |||||
CVE-2022-29379 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release | |||||
CVE-2022-29377 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH. | |||||
CVE-2022-29329 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | |||||
CVE-2022-29328 | 1 Dlink | 2 Dap-1330, Dap-1330 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | |||||
CVE-2022-29327 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | |||||
CVE-2022-29326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | |||||
CVE-2022-29325 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | |||||
CVE-2022-29324 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | |||||
CVE-2022-29323 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | |||||
CVE-2022-29322 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | |||||
CVE-2022-29321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | |||||
CVE-2022-29210 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1. | |||||
CVE-2022-29208 | 1 Google | 1 Tensorflow | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
CVE-2022-29077 | 1 Ripple | 1 Rippled | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat. | |||||
CVE-2022-28998 | 1 Xlightftpd | 1 Xlight Ftp | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. | |||||
CVE-2022-28990 | 1 Wasm3 Project | 1 Wasm3 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. | |||||
CVE-2022-28973 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS). |