Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45523 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. | |||||
| CVE-2022-45522 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. | |||||
| CVE-2022-45521 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. | |||||
| CVE-2022-45517 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. | |||||
| CVE-2022-45516 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. | |||||
| CVE-2022-45510 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. | |||||
| CVE-2022-45509 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. | |||||
| CVE-2022-45508 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. | |||||
| CVE-2022-45507 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. | |||||
| CVE-2022-45503 | 1 Tenda | 2 W6-s, W6-s Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. | |||||
| CVE-2022-45501 | 1 Tenda | 2 W6-s, W6-s Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. | |||||
| CVE-2017-16252 | 1 Insteon | 2 Hub 2245-222, Hub Firmware | 2022-12-09 | 5.5 MEDIUM | 8.1 HIGH |
| Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large, sending anything longer will cause a buffer overflow. | |||||
| CVE-2017-16253 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-09 | 5.5 MEDIUM | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | |||||
| CVE-2017-16254 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-09 | 5.5 MEDIUM | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | |||||
| CVE-2017-14440 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2022-43509 | 1 Omron | 1 Cx-programmer | 2022-12-09 | N/A | 7.8 HIGH |
| Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2022-3890 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-12-08 | N/A | 9.6 CRITICAL |
| Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-28664 | 1 Freshtomato | 1 Freshtomato | 2022-12-08 | N/A | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-mips` has a vulnerable URL-decoding feature that can lead to memory corruption. | |||||
| CVE-2021-43305 | 2 Debian, Yandex | 2 Debian Linux, Clickhouse | 2022-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call. | |||||
| CVE-2022-28665 | 1 Freshtomato | 1 Freshtomato | 2022-12-08 | N/A | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-arm` has a vulnerable URL-decoding feature that can lead to memory corruption. | |||||