Total: 7966 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43106 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2022-11-03 | N/A | 9.8 CRITICAL |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. | |||||
CVE-2022-43105 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2022-11-03 | N/A | 9.8 CRITICAL |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | |||||
CVE-2022-43103 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2022-11-03 | N/A | 9.8 CRITICAL |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. | |||||
CVE-2022-43101 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2022-11-03 | N/A | 9.8 CRITICAL |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | |||||
CVE-2022-43102 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2022-11-03 | N/A | 9.8 CRITICAL |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | |||||
CVE-2022-43104 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2022-11-03 | N/A | 9.8 CRITICAL |
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | |||||
CVE-2022-3784 | 1 Axiosys | 1 Bento4 | 2022-11-03 | N/A | 7.8 HIGH |
A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563. | |||||
CVE-2022-3785 | 1 Axiosys | 1 Bento4 | 2022-11-03 | N/A | 7.8 HIGH |
A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212564. | |||||
CVE-2022-24936 | 1 Silabs | 1 Gecko Bootloader | 2022-11-03 | N/A | 9.1 CRITICAL |
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. | |||||
CVE-2022-42827 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-11-03 | N/A | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | |||||
CVE-2022-42808 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-11-02 | N/A | 9.8 CRITICAL |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution. | |||||
CVE-2022-42795 | 1 Apple | 4 Iphone Os, Macos, Tvos and 1 more | 2022-11-02 | N/A | 8.8 HIGH |
A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
CVE-2022-32925 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2022-11-02 | N/A | 7.1 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory. | |||||
CVE-2022-32843 | 1 Apple | 2 Mac Os X, Macos | 2022-11-02 | N/A | 7.1 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory. | |||||
CVE-2022-22631 | 1 Apple | 2 Mac Os X, Macos | 2022-11-02 | 4.6 MEDIUM | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. | |||||
CVE-2022-22613 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-11-02 | 9.3 HIGH | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-44790 | 7 Apache, Apple, Debian and 4 more | 14 Http Server, Mac Os X, Macos and 11 more | 2022-11-02 | 7.5 HIGH | 9.8 CRITICAL |
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability, though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | |||||
CVE-2022-43152 | 1 Tsmuxer Project | 1 Tsmuxer | 2022-11-01 | N/A | 5.5 MEDIUM |
tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h. | |||||
CVE-2022-3228 | 1 Hosteng | 2 H0-ecom100, H0-ecom100 Firmware | 2022-11-01 | N/A | 6.5 MEDIUM |
Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. | |||||
CVE-2022-43148 | 1 Rtf2html Project | 1 Rtf2html | 2022-11-01 | N/A | 5.5 MEDIUM |
rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h. |