Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0137 | 1 Htmldoc Project | 1 Htmldoc | 2023-02-02 | N/A | 5.5 MEDIUM |
| A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. | |||||
| CVE-2022-24786 | 2 Debian, Pjsip | 2 Debian Linux, Pjsip | 2023-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. | |||||
| CVE-2022-41140 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2023-02-02 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796. | |||||
| CVE-2022-40718 | 1 Dlink | 2 Dir-2150, Dir-2150 Firmware | 2023-02-02 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728. | |||||
| CVE-2019-11705 | 1 Mozilla | 1 Thunderbird | 2023-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. | |||||
| CVE-2018-3981 | 1 Canvasgfx | 1 Canvas Draw | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | |||||
| CVE-2018-3887 | 1 Pl32 | 1 Photoline | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | |||||
| CVE-2018-3888 | 1 Pl32 | 1 Photoline | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | |||||
| CVE-2023-24164 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. | |||||
| CVE-2023-24165 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. | |||||
| CVE-2023-24166 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. | |||||
| CVE-2019-14465 | 1 Schismtracker | 1 Schism Tracker | 2023-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. | |||||
| CVE-2023-24167 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. | |||||
| CVE-2023-24169 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c. | |||||
| CVE-2023-24170 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. | |||||
| CVE-2017-14648 | 1 Bladeenc | 1 Bladeenc | 2023-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | |||||
| CVE-2023-20905 | 1 Google | 1 Android | 2023-02-01 | N/A | 7.8 HIGH |
| In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741 | |||||
| CVE-2022-42382 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18651. | |||||
| CVE-2022-42381 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18650. | |||||
| CVE-2022-42380 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18649. | |||||