Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2785 | 1 Pharos | 1 Popup | 2022-04-19 | 10.0 HIGH | 10.0 CRITICAL |
| An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit. | |||||
| CVE-2017-2791 | 1 Justsystems | 1 Ichitaro | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application. | |||||
| CVE-2017-2790 | 1 Justsystems | 1 Ichitaro | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application. | |||||
| CVE-2017-2789 | 1 Justsystems | 1 Ichitaro | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application. | |||||
| CVE-2022-27295 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
| CVE-2022-27291 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter. | |||||
| CVE-2022-27292 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. | |||||
| CVE-2022-27290 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
| CVE-2022-26106 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-04-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-26105 | 1 Sap | 1 Netweaver Enterprise Portal | 2022-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-27289 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
| CVE-2022-27288 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
| CVE-2022-27293 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
| CVE-2022-27294 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
| CVE-2022-26107 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-04-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-28663 | 1 Siemens | 1 Simcenter Femap | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592) | |||||
| CVE-2022-26809 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528. | |||||
| CVE-2022-28662 | 1 Siemens | 1 Simcenter Femap | 2022-04-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15307) | |||||
| CVE-2022-28661 | 1 Siemens | 1 Simcenter Femap | 2022-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114) | |||||
| CVE-2021-39794 | 1 Google | 1 Android | 2022-04-19 | 7.6 HIGH | 7.8 HIGH |
| In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-205836329 | |||||