Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36301 | 1 Dell | 2 Emc Idrac8 Firmware, Emc Idrac9 Firmware | 2022-04-25 | 6.5 MEDIUM | 7.2 HIGH |
| Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system. | |||||
| CVE-2021-38473 | 1 Auvesy | 1 Versiondog | 2022-04-25 | 6.5 MEDIUM | 8.8 HIGH |
| The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow. | |||||
| CVE-2022-27530 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code. | |||||
| CVE-2022-27529 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code. | |||||
| CVE-2022-27526 | 1 Autodesk | 1 Design Review | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2022-1350 | 1 Artifex | 1 Ghostpcl | 2022-04-23 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue. | |||||
| CVE-2018-20196 | 2 Audiocoding, Debian | 2 Freeware Advanced Audio Decoder 2, Debian Linux | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled. | |||||
| CVE-2019-12788 | 1 Photodex | 1 Proshow Producer | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file. | |||||
| CVE-2019-11873 | 1 Wolfssl | 1 Wolfssl | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack. | |||||
| CVE-2020-10942 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2022-04-22 | 5.4 MEDIUM | 5.3 MEDIUM |
| In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | |||||
| CVE-2019-11758 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2022-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2. | |||||
| CVE-2021-32278 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32277 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32274 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32273 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. | |||||
| CVE-2021-32272 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution. | |||||
| CVE-2020-12358 | 3 Intel, Netapp, Siemens | 548 Bios, Core I3-l13g4, Core I5-l16g7 and 545 more | 2022-04-22 | 2.1 LOW | 4.4 MEDIUM |
| Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2010-0128 | 3 Adobe, Apple, Microsoft | 4 Director, Shockwave Player, Macos and 1 more | 2022-04-22 | 9.3 HIGH | N/A |
| Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. | |||||
| CVE-2021-40398 | 1 Accusoft | 1 Imagegear | 2022-04-21 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21942 | 1 Accusoft | 1 Imagegear | 2022-04-21 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||