Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44317 | 1 Picoc Project | 1 Picoc | 2022-11-08 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall. | |||||
| CVE-2022-44314 | 1 Picoc Project | 1 Picoc | 2022-11-08 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. | |||||
| CVE-2022-44321 | 1 Picoc Project | 1 Picoc | 2022-11-08 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. | |||||
| CVE-2022-44312 | 1 Picoc Project | 1 Picoc | 2022-11-08 | N/A | 5.5 MEDIUM |
| PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator. | |||||
| CVE-2020-12865 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2022-11-07 | 5.2 MEDIUM | 8.0 HIGH |
| A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | |||||
| CVE-2021-42739 | 5 Debian, Fedoraproject, Linux and 2 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2022-11-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2019-8922 | 3 Bluez, Debian, Linux | 3 Bluez, Debian Linux, Linux Kernel | 2022-11-07 | 5.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. | |||||
| CVE-2020-17541 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2022-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | |||||
| CVE-2022-32893 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Ipados, Iphone Os, Macos and 5 more | 2022-11-07 | N/A | 8.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2022-33099 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2022-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. | |||||
| CVE-2022-0583 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2022-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-45943 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Spatial And Graph and 1 more | 2022-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | |||||
| CVE-2021-41159 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2022-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway. | |||||
| CVE-2022-32908 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-11-03 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges. | |||||
| CVE-2022-28845 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-11-03 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2010-0987 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2022-11-03 | 9.3 HIGH | 8.8 HIGH |
| Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. | |||||
| CVE-2010-0986 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2022-11-03 | 9.3 HIGH | 8.8 HIGH |
| Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. | |||||
| CVE-2010-0127 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2022-11-03 | 9.3 HIGH | 8.8 HIGH |
| Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. | |||||
| CVE-2022-43107 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2022-11-03 | N/A | 9.8 CRITICAL |
| Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | |||||
| CVE-2022-43108 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2022-11-03 | N/A | 9.8 CRITICAL |
| Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | |||||