Export limit exceeded: 20028 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20028 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41873 | 1 Contiki-ng | 1 Contiki-ng | 2025-04-23 | 4.2 Medium |
| Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels.However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub. | ||||
| CVE-2022-41942 | 1 Sourcegraph | 1 Sourcegraph | 2025-04-23 | 7.9 High |
| Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0. | ||||
| CVE-2022-41902 | 1 Google | 1 Tensorflow | 2025-04-23 | 7.1 High |
| TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. | ||||
| CVE-2022-23478 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2025-04-23 | 9.1 Critical |
| xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade. | ||||
| CVE-2022-42255 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2025-04-23 | 5.3 Medium |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | ||||
| CVE-2023-51101 | 1 Tenda | 2 W9, W9 Firmware | 2025-04-23 | 9.8 Critical |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. | ||||
| CVE-2022-45026 | 1 Markdown Preview Enhanced Project | 1 Markdown Preview Enhanced | 2025-04-23 | 9.8 Critical |
| An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process. | ||||
| CVE-2022-45025 | 1 Markdown Preview Enhanced Project | 1 Markdown Preview Enhanced | 2025-04-23 | 9.8 Critical |
| Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. | ||||
| CVE-2022-44931 | 1 Tenda | 2 A18, A18 Firmware | 2025-04-23 | 7.5 High |
| Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. | ||||
| CVE-2025-3679 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-45525 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. | ||||
| CVE-2022-45524 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. | ||||
| CVE-2022-45523 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. | ||||
| CVE-2022-45522 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. | ||||
| CVE-2022-45521 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. | ||||
| CVE-2022-45520 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. | ||||
| CVE-2022-45519 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. | ||||
| CVE-2022-45518 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. | ||||
| CVE-2022-45517 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. | ||||
| CVE-2022-45516 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. | ||||