Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9614 | 1 D.r.commander | 1 Libjpeg-turbo | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API. | |||||
| CVE-2022-36354 | 1 Openimageio Project | 1 Openimageio | 2023-02-02 | N/A | 5.3 MEDIUM |
| A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-40664 | 1 Apache | 1 Shiro | 2023-02-02 | N/A | 9.8 CRITICAL |
| Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. | |||||
| CVE-2022-26651 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2023-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14. | |||||
| CVE-2022-26499 | 2 Debian, Digium | 2 Debian Linux, Asterisk | 2023-02-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. | |||||
| CVE-2022-46648 | 2 Debian, Ruby-git Project | 2 Debian Linux, Ruby-git | 2023-02-02 | N/A | 8.0 HIGH |
| ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318. | |||||
| CVE-2022-41021 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null) options WORD' command template. | |||||
| CVE-2022-41020 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null)' command template. | |||||
| CVE-2023-22298 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin | 2023-02-02 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2022-41023 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off)' command template. | |||||
| CVE-2022-41022 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null) options WORD' command template. | |||||
| CVE-2022-41026 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off) options WORD' command template. | |||||
| CVE-2022-41025 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off) options WORD' command template. | |||||
| CVE-2022-41024 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off)' command template. | |||||
| CVE-2022-41684 | 1 Openimageio | 1 Openimageio | 2023-02-02 | N/A | 5.5 MEDIUM |
| A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-41028 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)' command template. | |||||
| CVE-2022-41027 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)' command template. | |||||
| CVE-2022-41029 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 7.2 HIGH |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'wlan filter mac address WORD descript WORD' command template. | |||||
| CVE-2022-41639 | 1 Openimageio Project | 1 Openimageio | 2023-02-02 | N/A | 9.8 CRITICAL |
| A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-32827 | 1 Apple | 2 Iphone Os, Macos | 2023-02-02 | N/A | 5.5 MEDIUM |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. | |||||