Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25561 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-03-18 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | |||||
| CVE-2022-25560 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-03-18 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | |||||
| CVE-2022-25556 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-03-18 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | |||||
| CVE-2021-45955 | 1 Thekelleys | 1 Dnsmasq | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed. | |||||
| CVE-2021-45956 | 1 Thekelleys | 1 Dnsmasq | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45954 | 1 Thekelleys | 1 Dnsmasq | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45957 | 1 Thekelleys | 1 Dnsmasq | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45953 | 1 Thekelleys | 1 Dnsmasq | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45952 | 1 Thekelleys | 1 Dnsmasq | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2021-45951 | 1 Thekelleys | 1 Dnsmasq | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." | |||||
| CVE-2022-20058 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6762 and 30 more | 2022-03-17 | 4.4 MEDIUM | 6.6 MEDIUM |
| In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485. | |||||
| CVE-2022-20059 | 2 Google, Mediatek | 35 Android, Mt6761, Mt6762 and 32 more | 2022-03-17 | 4.4 MEDIUM | 6.6 MEDIUM |
| In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781. | |||||
| CVE-2022-20056 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6762 and 30 more | 2022-03-17 | 4.4 MEDIUM | 6.6 MEDIUM |
| In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820. | |||||
| CVE-2021-43534 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-03-17 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2022-20055 | 2 Google, Mediatek | 33 Android, Mt6761, Mt6762 and 30 more | 2022-03-17 | 7.2 HIGH | 6.8 MEDIUM |
| In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160830. | |||||
| CVE-2022-20048 | 2 Google, Mediatek | 11 Android, Mt5816, Mt5835 and 8 more | 2022-03-17 | 7.2 HIGH | 7.8 HIGH |
| In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502. | |||||
| CVE-2022-21137 | 1 Omron | 1 Cx-one | 2022-03-17 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-24995 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | |||||
| CVE-2021-29977 | 1 Mozilla | 1 Firefox | 2022-03-16 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90. | |||||
| CVE-2022-20047 | 2 Google, Mediatek | 11 Android, Mt5816, Mt5835 and 8 more | 2022-03-15 | 7.2 HIGH | 7.8 HIGH |
| In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489. | |||||