Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25552 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. | |||||
| CVE-2022-25554 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter. | |||||
| CVE-2022-25553 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter. | |||||
| CVE-2022-25548 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter. | |||||
| CVE-2022-25546 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter. | |||||
| CVE-2022-25551 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter. | |||||
| CVE-2022-25550 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-03-11 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter. | |||||
| CVE-2021-34340 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2022-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34339 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2022-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34338 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2022-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2022-25106 | 1 Dlink | 4 Dir-859, Dir-859 A3, Dir-859 A3 Firmware and 1 more | 2022-03-11 | 7.1 HIGH | 5.5 MEDIUM |
| D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | |||||
| CVE-2022-24661 | 1 Siemens | 1 Simcenter Star-ccm\+ Viewer | 2022-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2022-25044 | 1 Espruino | 1 Espruino | 2022-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. | |||||
| CVE-2022-25465 | 1 Espruino | 1 Espruino | 2022-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. | |||||
| CVE-2021-23206 | 1 Htmldoc Project | 1 Htmldoc | 2022-03-10 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service. | |||||
| CVE-2019-20840 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2022-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. | |||||
| CVE-2019-20788 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. | |||||
| CVE-2021-46393 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. | |||||
| CVE-2021-46394 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. | |||||
| CVE-2020-14402 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2022-03-09 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | |||||