Search
Total
1388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26741 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26742 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-29246 | 1 Microsoft | 1 Azure Rtos Usbx | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLenght` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. In example `ux_slave_class_dfu_read` may read 4096 bytes (or more up to 65k) to a 256 byte buffer ultimately resulting in an overflow. Furthermore in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected. | |||||
| CVE-2022-26749 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26750 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26752 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26753 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26754 | 1 Apple | 1 Macos | 2022-06-07 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2017-2830 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2851 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 6.0 MEDIUM | 7.2 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. | |||||
| CVE-2017-2831 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2856 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 9.3 HIGH | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | |||||
| CVE-2017-2857 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 9.3 HIGH | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | |||||
| CVE-2017-2855 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 9.3 HIGH | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | |||||
| CVE-2017-2854 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 9.3 HIGH | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | |||||
| CVE-2017-2878 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2879 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 2.9 LOW | 5.3 MEDIUM |
| An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability. | |||||
| CVE-2017-2876 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. | |||||
| CVE-2017-2875 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. | |||||
| CVE-2022-29242 | 1 Gost Engine Project | 1 Gost Engine | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1 contains a patch for this issue. Disabling ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is a possible workaround. | |||||
| CVE-2022-29223 | 1 Microsoft | 1 Azure Rtos Usbx | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class_hub_descriptor_get` function will modify the contents of `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array violating the end boundary by 255 - `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than UX_MAX_TT, USB stack needs to reject the request. This fix has been included in USBX release 6.1.10. | |||||
| CVE-2022-26640 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-06-05 | 6.5 MEDIUM | 7.2 HIGH |
| TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. | |||||
| CVE-2022-26639 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-06-05 | 6.5 MEDIUM | 7.2 HIGH |
| TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. | |||||
| CVE-2022-24754 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2022-06-05 | 7.5 HIGH | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. | |||||
| CVE-2021-25149 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2021-25144 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-06-04 | 9.0 HIGH | 8.8 HIGH |
| A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
| CVE-2017-2840 | 1 Ezbsystems | 1 Ultraiso | 2022-06-03 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability. | |||||
| CVE-2009-1186 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2022-06-03 | 2.1 LOW | N/A |
| Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. | |||||
| CVE-2021-43303 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied | |||||
| CVE-2022-29210 | 1 Google | 1 Tensorflow | 2022-06-03 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1. | |||||
| CVE-2022-29189 | 1 Pion | 1 Dtls | 2022-06-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available. | |||||
| CVE-2020-3909 | 2 Apple, Oracle | 8 Icloud, Ipados, Iphone Os and 5 more | 2022-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. | |||||
| CVE-2022-24793 | 1 Pjsip | 1 Pjsip | 2022-06-02 | 4.3 MEDIUM | 7.5 HIGH |
| PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead. | |||||
| CVE-2022-24903 | 2 Fedoraproject, Rsyslog | 2 Fedora, Rsyslog | 2022-06-02 | 6.8 MEDIUM | 8.1 HIGH |
| Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. | |||||
| CVE-2022-27242 | 1 Siemens | 1 Openv2g | 2022-06-01 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. | |||||
| CVE-2022-30033 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. | |||||
| CVE-2022-29023 | 1 Openrazer Project | 1 Openrazer | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. | |||||
| CVE-2022-30950 | 1 Jenkins | 1 Wmi Windows Agents | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. | |||||
| CVE-2022-29021 | 1 Openrazer Project | 1 Openrazer | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. | |||||
| CVE-2022-29022 | 1 Openrazer Project | 1 Openrazer | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. | |||||
| CVE-2021-30957 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-05-26 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2022-1110 | 1 Lenovo | 1 Smart Standby Driver | 2022-05-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. | |||||
| CVE-2021-30977 | 1 Apple | 2 Mac Os X, Macos | 2022-05-26 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-1735 | 1 Vim | 1 Vim | 2022-05-25 | 6.8 MEDIUM | 7.8 HIGH |
| Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | |||||
| CVE-2021-22275 | 1 Br-automation | 1 Automation Runtime | 2022-05-25 | 7.8 HIGH | 8.6 HIGH |
| Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service. | |||||
| CVE-2022-30055 | 2 Mersenne, Microsoft | 2 Prime95, Windows | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. | |||||
| CVE-2020-8252 | 3 Fedoraproject, Nodejs, Opensuse | 3 Fedora, Node.js, Leap | 2022-05-24 | 4.6 MEDIUM | 7.8 HIGH |
| The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | |||||
| CVE-2022-22281 | 1 Sonicwall | 1 Netextender | 2022-05-24 | 7.2 HIGH | 7.8 HIGH |
| A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. | |||||
| CVE-2022-24910 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-42863 | 1 Jerryscript | 1 Jerryscript | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size. | |||||