Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34424 | 1 Dell | 1 Smartfabric Os10 | 2022-09-30 | N/A | 7.5 HIGH |
| Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. | |||||
| CVE-2022-40942 | 1 Tenda | 2 Tx3, Tx3 Firmware | 2022-09-30 | N/A | 9.8 CRITICAL |
| Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. | |||||
| CVE-2019-12937 | 1 Toaruos Project | 1 Toaruos | 2022-09-29 | 7.2 HIGH | 7.8 HIGH |
| apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable. | |||||
| CVE-2022-38932 | 1 Toaruos | 1 Toaruos | 2022-09-29 | N/A | 7.8 HIGH |
| readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. | |||||
| CVE-2010-1281 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2022-09-29 | 9.3 HIGH | 8.8 HIGH |
| iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | |||||
| CVE-2020-35530 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2022-09-29 | N/A | 5.5 MEDIUM |
| In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. | |||||
| CVE-2021-39048 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Spectrum Protect Backup-archive Client and 3 more | 2022-09-29 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438. | |||||
| CVE-2022-2347 | 1 Denx | 1 U-boot | 2022-09-29 | N/A | 7.1 HIGH |
| There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer. | |||||
| CVE-2022-21499 | 2 Debian, Oracle | 2 Debian Linux, Linux | 2022-09-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-40855 | 1 Tenda | 2 W20e, W20e Firmware | 2022-09-28 | N/A | 9.8 CRITICAL |
| Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | |||||
| CVE-2022-40866 | 1 Tenda | 2 W20e, W20e Firmware | 2022-09-28 | N/A | 9.8 CRITICAL |
| Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/ | |||||
| CVE-2022-40867 | 1 Tenda | 2 W20e, W20e Firmware | 2022-09-28 | N/A | 9.8 CRITICAL |
| Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/ | |||||
| CVE-2022-40868 | 1 Tenda | 2 W20e, W20e Firmware | 2022-09-28 | N/A | 9.8 CRITICAL |
| Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/ | |||||
| CVE-2022-40854 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-09-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set | |||||
| CVE-2021-4079 | 2 Debian, Google | 2 Debian Linux, Chrome | 2022-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. | |||||
| CVE-2022-36039 | 1 Rizin | 1 Rizin | 2022-09-27 | N/A | 7.8 HIGH |
| Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. A patch is available on the `dev` branch of the repository. | |||||
| CVE-2021-27242 | 1 Parallels | 1 Parallels Desktop | 2022-09-27 | 4.6 MEDIUM | 8.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926. | |||||
| CVE-2022-32798 | 1 Apple | 1 Macos | 2022-09-27 | N/A | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges. | |||||
| CVE-2020-8230 | 1 Nextcloud | 1 Desktop | 2022-09-27 | 2.1 LOW | 5.5 MEDIUM |
| A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. | |||||
| CVE-2022-40101 | 1 Tenda | 2 I9, I9 Firmware | 2022-09-27 | N/A | 7.5 HIGH |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||