Total
1596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42760 | 2 Google, Unisoc | 14 Android, S8018, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-39274 | 1 Semtech | 1 Loramac-node | 2022-12-07 | N/A | 9.8 CRITICAL |
| LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds write. The function `ProcessRadioRxDone` implicitly expects incoming radio frames to have at least a payload of one byte or more. An empty payload leads to a 1-byte out-of-bounds read of user controlled content when the payload buffer is reused. This allows an attacker to craft a FRAME_TYPE_PROPRIETARY frame with size -1 which results in an 65280-byte out-of-bounds memcopy likely with partially controlled attacker data. Corrupting a large part if the data section is likely to cause a DoS. If the large out-of-bounds write does not immediately crash the attacker may gain control over the execution due to now controlling large parts of the data section. Users are advised to upgrade either by updating their package or by manually applying the patch commit `e851b079`. | |||||
| CVE-2022-42756 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
| In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
| CVE-2020-21681 | 1 Fig2dev Project | 1 Fig2dev | 2022-12-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | |||||
| CVE-2020-21683 | 1 Fig2dev Project | 1 Fig2dev | 2022-12-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | |||||
| CVE-2020-21684 | 1 Fig2dev Project | 1 Fig2dev | 2022-12-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | |||||
| CVE-2020-21678 | 1 Fig2dev Project | 1 Fig2dev | 2022-12-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. | |||||
| CVE-2020-21682 | 1 Fig2dev Project | 1 Fig2dev | 2022-12-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | |||||
| CVE-2021-3177 | 5 Debian, Fedoraproject, Netapp and 2 more | 10 Debian Linux, Fedora, Active Iq Unified Manager and 7 more | 2022-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | |||||
| CVE-2020-24889 | 1 Libraw | 1 Libraw | 2022-12-06 | 5.1 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. | |||||
| CVE-2021-3711 | 5 Debian, Netapp, Openssl and 2 more | 31 Debian Linux, Active Iq Unified Manager, Clustered Data Ontap and 28 more | 2022-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). | |||||
| CVE-2022-45649 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2022-12-06 | N/A | 7.5 HIGH |
| Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function. | |||||
| CVE-2022-45651 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2022-12-06 | N/A | 7.5 HIGH |
| Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function. | |||||
| CVE-2022-45648 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2022-12-06 | N/A | 7.5 HIGH |
| Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function. | |||||
| CVE-2022-45650 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2022-12-06 | N/A | 7.5 HIGH |
| Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function. | |||||
| CVE-2022-45647 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2022-12-06 | N/A | 7.5 HIGH |
| Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function. | |||||
| CVE-2022-45646 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2022-12-06 | N/A | 7.5 HIGH |
| Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function. | |||||
| CVE-2022-45669 | 1 Tenda | 2 I22, I22 Firmware | 2022-12-05 | N/A | 7.5 HIGH |
| Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. | |||||
| CVE-2022-45671 | 1 Tenda | 2 I22, I22 Firmware | 2022-12-05 | N/A | 7.5 HIGH |
| Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function. | |||||
| CVE-2022-45670 | 1 Tenda | 2 I22, I22 Firmware | 2022-12-05 | N/A | 7.5 HIGH |
| Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. | |||||