Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25797 | 1 Autodesk | 1 Dwg Trueview | 2022-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. | |||||
| CVE-2021-40556 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-10-07 | N/A | 8.8 HIGH |
| A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication. | |||||
| CVE-2021-20294 | 1 Gnu | 1 Binutils | 2022-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. | |||||
| CVE-2022-2122 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2022-10-07 | N/A | 7.8 HIGH |
| DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. | |||||
| CVE-2022-2415 | 1 Google | 1 Chrome | 2022-10-07 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1920 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2022-10-07 | N/A | 7.8 HIGH |
| Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. | |||||
| CVE-2018-13096 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image. | |||||
| CVE-2020-6452 | 3 Fedoraproject, Google, Opensuse | 4 Fedora, Chrome, Backports and 1 more | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-13765 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2022-10-06 | 6.8 MEDIUM | 5.6 MEDIUM |
| rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | |||||
| CVE-2020-27844 | 3 Debian, Oracle, Uclouvain | 3 Debian Linux, Outside In Technology, Openjpeg | 2022-10-06 | 8.3 HIGH | 7.8 HIGH |
| A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-8899 | 1 Google | 1 Android | 2022-10-06 | 10.0 HIGH | 9.8 CRITICAL |
| There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747. | |||||
| CVE-2022-3397 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
| OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-3398 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
| OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-3396 | 1 Omron | 1 Cx-programmer | 2022-10-06 | N/A | 9.8 CRITICAL |
| OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-11100 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2022-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. | |||||
| CVE-2019-14691 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. | |||||
| CVE-2019-14690 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. | |||||
| CVE-2019-14734 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. | |||||
| CVE-2020-9549 | 2 Debian, Pdfresurrect Project | 2 Debian Linux, Pdfresurrect | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bounds write via a crafted PDF document. | |||||
| CVE-2020-16213 | 1 Advantech | 1 Webaccess\/hmi Designer | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||