Search
Total
6424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24056 | 1 Santesoft | 1 Dicom Viewer Pro | 2022-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15076. | |||||
| CVE-2022-24057 | 1 Santesoft | 1 Dicom Viewer Pro | 2022-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15077. | |||||
| CVE-2022-20709 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20711 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20703 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-02-24 | 7.2 HIGH | 8.4 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-18325 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18327 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18328 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18329 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18310 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18293 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18294 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18295 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18296 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18297 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18298 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18299 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18288 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-02-24 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18289 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18290 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-20707 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-02-24 | 7.5 HIGH | 7.3 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-18323 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18324 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18306 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-20701 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-45971 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData). | |||||
| CVE-2021-42059 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver. | |||||
| CVE-2021-45970 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location). | |||||
| CVE-2021-45969 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location). | |||||
| CVE-2022-20704 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-02-24 | 5.8 MEDIUM | 4.8 MEDIUM |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-42554 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2019-18330 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2021-43615 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2022-20708 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-18291 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-20706 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-02-24 | 9.3 HIGH | 8.1 HIGH |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-19906 | 2 Cyrusimap, Debian | 2 Cyrus-sasl, Debian Linux | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. | |||||
| CVE-2022-20705 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-18326 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-24031 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2021-43522 | 1 Insyde | 1 Insydeh2o | 2022-02-24 | 6.9 MEDIUM | 7.5 HIGH |
| An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2019-18292 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-23200 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2022-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23186 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-37354 | 1 Xerox | 2 Phaser 4622, Phaser 4622 Firmware | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||||
| CVE-2021-45391 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service. | |||||
| CVE-2021-22788 | 1 Schneider-electric | 28 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 25 more | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) | |||||
| CVE-2021-46262 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||||
| CVE-2021-46263 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||||
| CVE-2021-46264 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||||