Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3396 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
| OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-9549 | 2 Debian, Pdfresurrect Project | 2 Debian Linux, Pdfresurrect | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bounds write via a crafted PDF document. | |||||
| CVE-2020-16213 | 1 Advantech | 1 Webaccess\/hmi Designer | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2017-11654 | 1 Sipcrack Project | 1 Sipcrack | 2022-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic. | |||||
| CVE-2021-21813 | 1 Att | 1 Xmill | 2022-10-06 | 4.6 MEDIUM | 7.8 HIGH |
| Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow. | |||||
| CVE-2021-33684 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2022-10-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low. | |||||
| CVE-2020-6458 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2022-33885 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2022-10-05 | N/A | 7.8 HIGH |
| A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution. | |||||
| CVE-2022-33888 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2022-10-05 | N/A | 7.8 HIGH |
| A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2021-29998 | 2 Siemens, Windriver | 71 Ruggedcom Win Subscriber Station, Ruggedcom Win Subscriber Station Firmware, Scalance X200-4 P Irt and 68 more | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client. | |||||
| CVE-2020-13494 | 2 Apple, Pixar | 2 Macos, Openusd | 2022-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-13493 | 2 Apple, Pixar | 2 Macos, Openusd | 2022-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. | |||||
| CVE-2022-41428 | 1 Axiosys | 1 Bento4 | 2022-10-05 | N/A | 8.8 HIGH |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. | |||||
| CVE-2022-33889 | 1 Autodesk | 11 Autocad, Autocad Advance Steel, Autocad Architecture and 8 more | 2022-10-05 | N/A | 7.8 HIGH |
| A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. | |||||
| CVE-2022-41420 | 1 Nasm | 1 Netwide Assembler | 2022-10-05 | N/A | 5.5 MEDIUM |
| nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component | |||||
| CVE-2011-4371 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Reader, Macos and 1 more | 2022-10-04 | 7.5 HIGH | N/A |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2011-4370 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Reader, Macos and 1 more | 2022-10-04 | 7.5 HIGH | N/A |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373. | |||||
| CVE-2022-33883 | 1 Autodesk | 4 Advanced Material Exchange, Moldflow Adviser, Moldflow Communicator and 1 more | 2022-10-04 | N/A | 7.8 HIGH |
| A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2022-42002 | 1 Sonicjs | 1 Sonicjs | 2022-10-04 | N/A | 9.1 CRITICAL |
| SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. | |||||
| CVE-2022-40363 | 1 Flipperzero | 2 Flipper Zero, Flipper Zero Firmware | 2022-10-04 | N/A | 5.5 MEDIUM |
| A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file. | |||||