Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26208 | 1 Jhead Project | 1 Jhead | 2022-02-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue. | |||||
| CVE-2022-24147 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2022-02-07 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters. | |||||
| CVE-2022-24152 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2022-02-07 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | |||||
| CVE-2022-24153 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2022-02-07 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. | |||||
| CVE-2022-24149 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2022-02-07 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter. | |||||
| CVE-2022-24151 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2022-02-07 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter. | |||||
| CVE-2022-24157 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2022-02-07 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter. | |||||
| CVE-2021-39846 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-02-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. | |||||
| CVE-2021-39845 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-02-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. | |||||
| CVE-2012-0254 | 1 Honeywell | 3 Enterprise Building Manager, Experion, Symmetre | 2022-02-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2017-4933 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-02-03 | 6.0 MEDIUM | 8.8 HIGH |
| VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | |||||
| CVE-2016-9343 | 1 Rockwellautomation | 32 1768 Compact Guardlogix L4xs Controller, 1768 Compact Guardlogix L4xs Controller Firmware, 1768 Compactlogix L4x Controller and 29 more | 2022-02-03 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. | |||||
| CVE-2017-4924 | 1 Vmware | 3 Esxi, Fusion, Workstation Pro | 2022-02-03 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2013-0662 | 2 Schneider-electric, Schneider Electric | 13 Concept, Modbus Serial Driver, Modbuscommdtm Sl and 10 more | 2022-02-03 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. | |||||
| CVE-2021-43024 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2022-02-03 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-22807 | 1 Schneider-electric | 1 Guicon | 2022-02-02 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | |||||
| CVE-2021-46527 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c. | |||||
| CVE-2021-46524 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json.c. | |||||
| CVE-2021-46523 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src/mjs_json.c. | |||||
| CVE-2021-46522 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53. | |||||