Total
3512 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31626 | 2 Debian, Php | 2 Debian Linux, Php | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | |||||
| CVE-2022-31482 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless. | |||||
| CVE-2022-31481 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. | |||||
| CVE-2022-31209 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand. | |||||
| CVE-2022-30984 | 3 Linux, Opengroup, Rubrik | 3 Linux Kernel, Unix, Cdm | 2024-11-21 | N/A | 7.8 HIGH |
| A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent. | |||||
| CVE-2022-30950 | 1 Jenkins | 1 Wmi Windows Agents | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. | |||||
| CVE-2022-30067 | 1 Gimp | 1 Gimp | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. | |||||
| CVE-2022-30055 | 2 Mersenne, Microsoft | 2 Prime95, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. | |||||
| CVE-2022-30033 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. | |||||
| CVE-2022-30024 | 1 Tp-link | 6 Tl-wr841, Tl-wr841 Firmware, Tl-wr841n and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. | |||||
| CVE-2022-2211 | 2 Libguestfs, Redhat | 2 Libguestfs, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor. | |||||
| CVE-2022-29797 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation. | |||||
| CVE-2022-29654 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | N/A | 5.5 MEDIUM |
| Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. | |||||
| CVE-2022-29591 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow. | |||||
| CVE-2022-29242 | 1 Gost Engine Project | 1 Gost Engine | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1 contains a patch for this issue. Disabling ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is a possible workaround. | |||||
| CVE-2022-29189 | 1 Pion | 1 Dtls | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available. | |||||
| CVE-2022-28994 | 1 Smallsrv | 1 Small Http Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. | |||||
| CVE-2022-28480 | 1 Allmediaserver | 1 Allmediaserver | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. | |||||
| CVE-2022-27881 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation. | |||||
| CVE-2022-27643 | 1 Netgear | 54 D6220, D6220 Firmware, D6400 and 51 more | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692. | |||||