Total
2385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29189 | 1 Pion | 1 Dtls | 2022-06-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available. | |||||
| CVE-2020-3909 | 2 Apple, Oracle | 8 Icloud, Ipados, Iphone Os and 5 more | 2022-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. | |||||
| CVE-2022-27242 | 1 Siemens | 1 Openv2g | 2022-06-01 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. | |||||
| CVE-2021-21827 | 1 Att | 1 Xmill | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21828 | 1 Att | 1 Xmill | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21826 | 1 Att | 1 Xmill | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-30033 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. | |||||
| CVE-2022-1110 | 1 Lenovo | 1 Smart Standby Driver | 2022-05-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. | |||||
| CVE-2021-22275 | 1 Br-automation | 1 Automation Runtime | 2022-05-25 | 7.8 HIGH | 8.6 HIGH |
| Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service. | |||||
| CVE-2022-30055 | 2 Mersenne, Microsoft | 2 Prime95, Windows | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. | |||||
| CVE-2022-22281 | 1 Sonicwall | 1 Netextender | 2022-05-24 | 7.2 HIGH | 7.8 HIGH |
| A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. | |||||
| CVE-2022-24910 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-42863 | 1 Jerryscript | 1 Jerryscript | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size. | |||||
| CVE-2022-29591 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow. | |||||
| CVE-2015-8126 | 9 Apple, Canonical, Debian and 6 more | 21 Mac Os X, Ubuntu Linux, Debian Linux and 18 more | 2022-05-13 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. | |||||
| CVE-2022-22805 | 1 Schneider-electric | 16 Scl Series 1029 Ups, Scl Series 1029 Ups Firmware, Scl Series 1030 Ups and 13 more | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) | |||||
| CVE-2022-27881 | 1 Openbsd | 1 Openbsd | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation. | |||||
| CVE-2022-28994 | 1 Smallsrv | 1 Small Http Server | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. | |||||
| CVE-2022-28480 | 1 Allmediaserver | 1 Allmediaserver | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. | |||||
| CVE-2022-0636 | 1 Lenovo | 1 Thin Installer | 2022-05-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. | |||||