Total
2268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40160 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | N/A | 6.5 MEDIUM |
| ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | |||||
| CVE-2022-40159 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | N/A | 6.5 MEDIUM |
| ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | |||||
| CVE-2022-40149 | 2 Debian, Jettison Project | 2 Debian Linux, Jettison | 2024-11-21 | N/A | 6.5 MEDIUM |
| Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | |||||
| CVE-2022-3409 | 1 Openbmc-project | 1 Openbmc | 2024-11-21 | N/A | 8.2 HIGH |
| A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS. | |||||
| CVE-2022-3386 | 1 Advantech | 1 R-seenet | 2024-11-21 | N/A | 9.8 CRITICAL |
| Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. | |||||
| CVE-2022-3385 | 1 Advantech | 1 R-seenet | 2024-11-21 | N/A | 9.8 CRITICAL |
| Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. | |||||
| CVE-2022-3324 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. | |||||
| CVE-2022-3296 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. | |||||
| CVE-2022-3228 | 1 Hosteng | 2 H0-ecom100, H0-ecom100 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. | |||||
| CVE-2022-3159 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | N/A | 7.8 HIGH |
| The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2022-3085 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-11-21 | N/A | 7.8 HIGH |
| Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-38752 | 1 Snakeyaml Project | 1 Snakeyaml | 2024-11-21 | N/A | 6.5 MEDIUM |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. | |||||
| CVE-2022-38751 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-11-21 | N/A | 6.5 MEDIUM |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||||
| CVE-2022-38750 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-11-21 | N/A | 6.5 MEDIUM |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||||
| CVE-2022-38749 | 2 Debian, Snakeyaml Project | 2 Debian Linux, Snakeyaml | 2024-11-21 | N/A | 6.5 MEDIUM |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||||
| CVE-2022-38450 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-37398 | 1 Asustor | 1 Adm | 2024-11-21 | N/A | 7.1 HIGH |
| A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below. | |||||
| CVE-2022-36063 | 1 Microsoft | 1 Azure Rtos Usbx | 2024-11-21 | N/A | 7.6 HIGH |
| Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function which may be potentially exploited to achieve remote code execution or denial of service. Setting mac address string descriptor length to a `0` or `1` allows an attacker to introduce an integer underflow followed (string_length) by a buffer overflow of the `cdc_ecm -> ux_host_class_cdc_ecm_node_id` array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). Improved mac address string descriptor length validation to check for unexpectedly small values may be used as a workaround. | |||||
| CVE-2022-35867 | 1 Xhyve Project | 1 Xhyve | 2024-11-21 | N/A | 6.7 MEDIUM |
| This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056. | |||||
| CVE-2022-35710 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. | |||||