Search
Total
3972 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27869 | 1 Autodesk | 1 Autocad | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code. | |||||
| CVE-2022-27870 | 1 Autodesk | 1 Autocad | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code. | |||||
| CVE-2022-33034 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. | |||||
| CVE-2022-33032 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. | |||||
| CVE-2022-33028 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. | |||||
| CVE-2022-33026 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | |||||
| CVE-2018-25042 | 1 Bittorrent | 1 Utorrent | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. | |||||
| CVE-2021-41683 | 1 Jerryscript | 1 Jerryscript | 2022-06-28 | 6.8 MEDIUM | 7.8 HIGH |
| There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0 | |||||
| CVE-2014-125024 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125020 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125015 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2022-30656 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30664 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30653 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30652 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30654 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30650 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-45918 | 1 Nhi | 1 Health Insurance Web Service Component | 2022-06-27 | 7.8 HIGH | 7.5 HIGH |
| NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service. | |||||
| CVE-2022-30665 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30663 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30662 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30661 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30660 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30659 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30658 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-27532 | 1 Autodesk | 1 3ds Max | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution. | |||||
| CVE-2019-5057 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5058 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5038 | 1 Openweave | 1 Openweave-core | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command. | |||||
| CVE-2019-5051 | 4 Canonical, Debian, Libsdl and 1 more | 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | |||||
| CVE-2019-5039 | 1 Openweave | 1 Openweave-core | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability. | |||||
| CVE-2019-5060 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5059 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5041 | 1 Aspose | 1 Aspose.words | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability. | |||||
| CVE-2019-5045 | 1 Gonitro | 1 Nitropdf | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | |||||
| CVE-2019-5046 | 1 Gonitro | 1 Nitropdf | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | |||||
| CVE-2019-5048 | 1 Gonitro | 1 Nitropdf | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | |||||
| CVE-2019-5050 | 1 Gonitro | 1 Nitropdf | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | |||||
| CVE-2019-5088 | 1 Investintech | 1 Able2extract | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sending the user a specially crafted BMP file. | |||||
| CVE-2022-26302 | 1 Fujielectric | 1 V-sft | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2022-30538 | 1 Fujielectric | 1 Monitouch V-sft | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2022-31054 | 1 Argoproj | 1 Argo Events | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1. | |||||
| CVE-2022-25292 | 1 Watchguard | 1 Fireware | 2022-06-27 | 6.5 MEDIUM | 8.8 HIGH |
| A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | |||||
| CVE-2022-25293 | 1 Watchguard | 1 Fireware | 2022-06-27 | 6.5 MEDIUM | 8.8 HIGH |
| A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | |||||
| CVE-2022-23850 | 1 Epub2txt Project | 1 Epub2txt | 2022-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document. | |||||
| CVE-2022-28844 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28843 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28841 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28840 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28839 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||