Total
12879 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23400 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-23399 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2022-23318 | 1 Pcf2bdf Project | 1 Pcf2bdf | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact. | |||||
| CVE-2022-23205 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23200 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23186 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23103 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2022-23006 | 1 Westerndigital | 6 My Cloud Home, My Cloud Home Duo, My Cloud Home Duo Firmware and 3 more | 2024-11-21 | N/A | 1.8 LOW |
| A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes. | |||||
| CVE-2022-22989 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues. | |||||
| CVE-2022-22899 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | 2.6 LOW | 5.5 MEDIUM |
| Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service. | |||||
| CVE-2022-22895 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c. | |||||
| CVE-2022-22894 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c. | |||||
| CVE-2022-22893 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c. | |||||
| CVE-2022-22888 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c. | |||||
| CVE-2022-22752 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 8.8 HIGH |
| Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 96. | |||||
| CVE-2022-22707 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. | |||||
| CVE-2022-22672 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-22666 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. | |||||
| CVE-2022-22651 | 1 Apple | 1 Macos | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2022-22640 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. | |||||