Total
12534 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40651 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17844. | |||||
| CVE-2022-40650 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17838. | |||||
| CVE-2022-40648 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563. | |||||
| CVE-2022-40644 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17408. | |||||
| CVE-2022-40641 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17317. | |||||
| CVE-2022-40514 | 1 Qualcomm | 456 Aqt1000, Aqt1000 Firmware, Ar8031 and 453 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame. | |||||
| CVE-2022-40510 | 1 Qualcomm | 408 Apq8009, Apq8009 Firmware, Apq8009w and 405 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. | |||||
| CVE-2022-40160 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | N/A | 6.5 MEDIUM |
| ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | |||||
| CVE-2022-40159 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | N/A | 6.5 MEDIUM |
| ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | |||||
| CVE-2022-40149 | 2 Debian, Jettison Project | 2 Debian Linux, Jettison | 2024-11-21 | N/A | 6.5 MEDIUM |
| Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | |||||
| CVE-2022-40076 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic. | |||||
| CVE-2022-40075 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set. | |||||
| CVE-2022-40074 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi. | |||||
| CVE-2022-40073 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo. | |||||
| CVE-2022-40072 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement. | |||||
| CVE-2022-40071 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName. | |||||
| CVE-2022-40070 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg. | |||||
| CVE-2022-40069 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| ]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime. | |||||
| CVE-2022-40068 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand. | |||||
| CVE-2022-40067 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer. | |||||