Total
12879 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27239 | 5 Debian, Fedoraproject, Hp and 2 more | 19 Debian Linux, Fedora, Helion Openstack and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | |||||
| CVE-2022-27184 | 1 Hornerautomation | 1 Cscape | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-27146 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. | |||||
| CVE-2022-27145 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. | |||||
| CVE-2022-27135 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. | |||||
| CVE-2022-27044 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. | |||||
| CVE-2022-27022 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload. | |||||
| CVE-2022-27016 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn. | |||||
| CVE-2022-26988 | 3 Fastcom, Mercusys, Tp-link | 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution. | |||||
| CVE-2022-26987 | 3 Fastcom, Mercusys, Tp-link | 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution. | |||||
| CVE-2022-26967 | 1 Gpac | 1 Gpac | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. | |||||
| CVE-2022-26953 | 1 Digi | 2 Passport, Passport Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body. | |||||
| CVE-2022-26952 | 1 Digi | 2 Passport, Passport Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | |||||
| CVE-2022-26860 | 1 Dell | 798 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3980 and 795 more | 2024-11-21 | N/A | 7.5 HIGH |
| Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM. | |||||
| CVE-2022-26782 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-26781 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-26760 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | N/A | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges. | |||||
| CVE-2022-26756 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26751 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2022-26748 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||