Total
1596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3894 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2022-12-02 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerability. | |||||
| CVE-2018-3895 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2022-12-02 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3896 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2022-12-02 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability. | |||||
| CVE-2018-3897 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2022-12-02 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "callbackUrl" value in order to exploit this vulnerability. | |||||
| CVE-2022-44283 | 1 Avs4you | 1 Avs Audio Converter | 2022-12-01 | N/A | 9.8 CRITICAL |
| AVS Audio Converter 10.3 is vulnerable to Buffer Overflow. | |||||
| CVE-2019-6557 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2022-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. | |||||
| CVE-2022-39067 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2022-11-30 | N/A | 6.5 MEDIUM |
| There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. | |||||
| CVE-2021-4207 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2022-11-29 | 4.6 MEDIUM | 8.2 HIGH |
| A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | |||||
| CVE-2021-43042 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker. | |||||
| CVE-2022-44180 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-11-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. | |||||
| CVE-2022-44178 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-11-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. | |||||
| CVE-2022-44177 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-11-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. | |||||
| CVE-2022-44176 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-11-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. | |||||
| CVE-2022-44175 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-11-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. | |||||
| CVE-2022-44174 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-11-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. | |||||
| CVE-2022-44172 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-11-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. | |||||
| CVE-2022-44171 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-11-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set. | |||||
| CVE-2022-44183 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-11-28 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. | |||||
| CVE-2022-41894 | 1 Google | 1 Tensorflow | 2022-11-22 | N/A | 8.1 HIGH |
| TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-44204 | 1 Dlink | 2 Dir-3060, Dir-3060 Firmware | 2022-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. | |||||