Export limit exceeded: 19996 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19996 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27171 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-04-28 | 7.8 High |
| InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43920 | 1 Gnu | 1 Mailman | 2025-04-28 | 5.4 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. | ||||
| CVE-2022-44808 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-25 | 9.8 Critical |
| A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. | ||||
| CVE-2022-44252 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | ||||
| CVE-2022-44251 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | ||||
| CVE-2022-44250 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | ||||
| CVE-2022-44249 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | ||||
| CVE-2022-36337 | 1 Insyde | 1 Kernel | 2025-04-25 | 8.2 High |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code. | ||||
| CVE-2022-44789 | 3 Artifex, Debian, Fedoraproject | 3 Mujs, Debian Linux, Fedora | 2025-04-25 | 8.8 High |
| A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. | ||||
| CVE-2022-44260 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 8.8 High |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. | ||||
| CVE-2022-44259 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 8.8 High |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. | ||||
| CVE-2022-44258 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 8.8 High |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. | ||||
| CVE-2022-44257 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 8.8 High |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. | ||||
| CVE-2022-44256 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2025-04-25 | 8.8 High |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. | ||||
| CVE-2022-44255 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 9.8 Critical |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. | ||||
| CVE-2022-44254 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 8.8 High |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. | ||||
| CVE-2022-44253 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 8.8 High |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. | ||||
| CVE-2022-34667 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-04-25 | 4.4 Medium |
| NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. | ||||
| CVE-2022-0137 | 1 Htmldoc Project | 1 Htmldoc | 2025-04-25 | 7.5 High |
| A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. | ||||
| CVE-2023-50246 | 1 Jqlang | 1 Jq | 2025-04-25 | 6.2 Medium |
| jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue. | ||||