Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27016 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-04-14 | 10.0 HIGH | 9.8 CRITICAL |
| There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn. | |||||
| CVE-2022-23973 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-04-14 | 5.8 MEDIUM | 8.8 HIGH |
| ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service. | |||||
| CVE-2022-27044 | 1 Libsixel Project | 1 Libsixel | 2022-04-14 | 6.8 MEDIUM | 8.8 HIGH |
| libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. | |||||
| CVE-2022-25596 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2022-04-14 | 5.8 MEDIUM | 8.8 HIGH |
| ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service. | |||||
| CVE-2022-1240 | 1 Radare | 1 Radare2 | 2022-04-14 | 6.8 MEDIUM | 7.8 HIGH |
| Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | |||||
| CVE-2021-40656 | 1 Libsixel Project | 1 Libsixel | 2022-04-14 | 6.8 MEDIUM | 8.8 HIGH |
| libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. | |||||
| CVE-2021-26112 | 1 Fortinet | 1 Fortiwan | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests. | |||||
| CVE-2021-44109 | 1 Open5gs | 1 Open5gs | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request. | |||||
| CVE-2022-26953 | 1 Digi | 2 Passport, Passport Firmware | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body. | |||||
| CVE-2022-26952 | 1 Digi | 2 Passport, Passport Firmware | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | |||||
| CVE-2019-3729 | 1 Dell | 1 Bsafe Micro-edition-suite | 2022-04-12 | 2.7 LOW | 2.4 LOW |
| RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system. | |||||
| CVE-2022-1068 | 1 Modbustools | 1 Modbus Slave | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used. | |||||
| CVE-2022-1211 | 1 Tildearrow | 1 Furnace | 2022-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. | |||||
| CVE-2020-6018 | 1 Valvesoftware | 1 Game Networking Sockets | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. | |||||
| CVE-2020-6017 | 1 Valvesoftware | 1 Game Networking Sockets | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. | |||||
| CVE-2021-32976 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2022-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. | |||||
| CVE-2022-28381 | 1 Allmediaserver | 1 Allmediaserver | 2022-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932. | |||||
| CVE-2017-5130 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Chrome, Libxml2 | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. | |||||
| CVE-2022-0454 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0604 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||