Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44001 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974) | |||||
| CVE-2021-44013 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103) | |||||
| CVE-2019-13734 | 8 Canonical, Debian, Fedoraproject and 5 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2022-03-29 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-38278 | 1 Tendacn | 2 Ac10, Ac10 Firmware | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. | |||||
| CVE-2021-42008 | 3 Debian, Linux, Netapp | 20 Debian Linux, Linux Kernel, H300e and 17 more | 2022-03-29 | 6.9 MEDIUM | 7.8 HIGH |
| The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | |||||
| CVE-2021-45970 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location). | |||||
| CVE-2021-45969 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location). | |||||
| CVE-2021-43522 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 6.9 MEDIUM | 7.5 HIGH |
| An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2021-45971 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData). | |||||
| CVE-2022-20706 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-03-29 | 9.3 HIGH | 8.1 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20708 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-03-29 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20704 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-03-29 | 5.8 MEDIUM | 4.8 MEDIUM |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20703 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-03-29 | 7.2 HIGH | 8.4 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-43615 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2022-24031 | 1 Insyde | 1 Insydeh2o | 2022-03-29 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2021-41736 | 1 Grame | 1 Faust | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp. | |||||
| CVE-2022-22586 | 1 Apple | 1 Macos | 2022-03-28 | 10.0 HIGH | 9.8 CRITICAL |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-22587 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2022-03-28 | 10.0 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2022-22584 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
| CVE-2022-22596 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2022-03-28 | 7.2 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. | |||||