Export limit exceeded: 348704 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43686 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43686 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25309 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service. | ||||
| CVE-2022-25308 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. | ||||
| CVE-2022-25301 | 1 Jsgui-lang-essentials Project | 1 Jsgui-lang-essentials | 2024-11-21 | 7.7 High |
| All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. | ||||
| CVE-2022-25296 | 1 Bodymen Project | 1 Bodymen | 2024-11-21 | 6.3 Medium |
| The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897) | ||||
| CVE-2022-25291 | 1 Watchguard | 1 Fireware | 2024-11-21 | 8.8 High |
| An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||||
| CVE-2022-25183 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 8.8 High |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. | ||||
| CVE-2022-25182 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 8.8 High |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. | ||||
| CVE-2022-25181 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 8.8 High |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. | ||||
| CVE-2022-25062 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 7.5 High |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2022-25051 | 1 Rtl 433 Project | 1 Rtl 433 | 2024-11-21 | 5.5 Medium |
| An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. | ||||
| CVE-2022-24988 | 1 Galois 2p8 Project | 1 Galois 2p8 | 2024-11-21 | 9.8 Critical |
| In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector. | ||||
| CVE-2022-24971 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15812. | ||||
| CVE-2022-24949 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2024-11-21 | 7.5 High |
| A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen(). | ||||
| CVE-2022-24836 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Macos, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. | ||||
| CVE-2022-24705 | 1 Accel-ppp | 1 Accel-ppp | 2024-11-21 | 9.8 Critical |
| The rad_packet_recv function in radius/packet.c suffers from a memcpy buffer overflow, resulting in an overly-large recvfrom into a fixed buffer that causes a buffer overflow and overwrites arbitrary memory. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability. | ||||
| CVE-2022-24704 | 1 Accel-ppp | 1 Accel-ppp | 2024-11-21 | 9.8 Critical |
| The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suffers from a buffer overflow vulnerability, whereby user input len is copied into a fixed buffer &attr->val.integer without any bound checks. If the client connects to the server and sends a large radius packet, a buffer overflow vulnerability will be triggered. | ||||
| CVE-2022-24702 | 1 Winaprs | 1 Winaprs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2022-24701 | 1 Winaprs | 1 Winaprs | 2024-11-21 | 7.8 High |
| An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2022-24700 | 1 Winaprs | 1 Winaprs | 2024-11-21 | 7.5 High |
| An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2022-24675 | 4 Fedoraproject, Golang, Netapp and 1 more | 17 Fedora, Go, Kubernetes Monitoring Operator and 14 more | 2024-11-21 | 7.5 High |
| encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | ||||