Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3843 | 1 Apple | 2 Iphone Os, Watchos | 2022-05-31 | 9.3 HIGH | 8.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4.7, watchOS 5.3.7. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2021-42586 | 1 Gnu | 1 Libredwg | 2022-05-30 | 6.8 MEDIUM | 8.8 HIGH |
| A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | |||||
| CVE-2021-42585 | 1 Gnu | 1 Libredwg | 2022-05-30 | 6.8 MEDIUM | 8.8 HIGH |
| A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | |||||
| CVE-2021-23978 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-05-27 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | |||||
| CVE-2022-28917 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp. | |||||
| CVE-2022-29643 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2022-28182 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 6.8 MEDIUM | 8.5 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. | |||||
| CVE-2022-29642 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2022-29641 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2022-29640 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2022-28990 | 1 Wasm3 Project | 1 Wasm3 | 2022-05-26 | 4.6 MEDIUM | 7.8 HIGH |
| WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. | |||||
| CVE-2022-29638 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2019-9773 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension. | |||||
| CVE-2019-9770 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension. | |||||
| CVE-2021-44707 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-05-25 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23677 | 1 Arubanetworks | 22 2530, 2530 Firmware, 2540 and 19 more | 2022-05-25 | 9.3 HIGH | 8.1 HIGH |
| A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities. | |||||
| CVE-2022-23676 | 1 Arubanetworks | 22 2530, 2530 Firmware, 2540 and 19 more | 2022-05-25 | 9.3 HIGH | 9.8 CRITICAL |
| A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities. | |||||
| CVE-2021-34587 | 2 Bender, Ibm | 9 Cc612, Cc612 Firmware, Cc613 and 6 more | 2022-05-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. | |||||
| CVE-2021-26675 | 3 Debian, Intel, Opensuse | 3 Debian Linux, Connman, Leap | 2022-05-23 | 5.8 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | |||||
| CVE-2022-26002 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||