Export limit exceeded: 21467 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21467 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35476 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | 6.5 Medium |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. | ||||
| CVE-2022-35409 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-11-21 | 9.1 Critical |
| An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. | ||||
| CVE-2022-35299 | 1 Sap | 2 Sap Iq, Sql Anywhere | 2024-11-21 | 9.8 Critical |
| SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | ||||
| CVE-2022-35260 | 4 Apple, Haxx, Netapp and 1 more | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2024-11-21 | 6.5 Medium |
| curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | ||||
| CVE-2022-35258 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2024-11-21 | 7.5 High |
| An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | ||||
| CVE-2022-35234 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-11-21 | 7.1 High |
| Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. | ||||
| CVE-2022-35192 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | 7.5 High |
| D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. | ||||
| CVE-2022-35161 | 1 Generalized Electric Vehicle Reverse Engineering Tool Project | 1 Generalized Electric Vehicle Reverse Engineering Tool | 2024-11-21 | 9.8 Critical |
| GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp. | ||||
| CVE-2022-35114 | 1 Swftools | 1 Swftools | 2024-11-21 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via extractFrame at /readers/swf.c. | ||||
| CVE-2022-35106 | 1 Swftools | 1 Swftools | 2024-11-21 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::computeTableChecksum(unsigned char*, int) at /xpdf/FoFiTrueType.cc. | ||||
| CVE-2022-35100 | 1 Swftools | 1 Swftools | 2024-11-21 | 6.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via gfxline_getbbox at /lib/gfxtools.c. | ||||
| CVE-2022-35020 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. | ||||
| CVE-2022-35017 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow. | ||||
| CVE-2022-35016 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow. | ||||
| CVE-2022-35015 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. | ||||
| CVE-2022-35011 | 1 Pngdec Project | 1 Pngdec | 2024-11-21 | 8.8 High |
| PNGDec commit 8abf6be was discovered to contain a global buffer overflow via inflate_fast at /src/inffast.c. | ||||
| CVE-2022-35003 | 1 Bitbanksoftware | 1 Jpegdec | 2024-11-21 | 7.8 High |
| JPEGDEC commit be4843c was discovered to contain a global buffer overflow via ucDitherBuffer at /src/jpeg.inl. | ||||
| CVE-2022-34998 | 1 Bitbanksoftware | 1 Jpegdec | 2024-11-21 | 7.8 High |
| JPEGDEC commit be4843c was discovered to contain a global buffer overflow via JPEGDecodeMCU at /src/jpeg.inl. | ||||
| CVE-2022-34889 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 8.2 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the ACPI virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-16554. | ||||
| CVE-2022-34886 | 1 Lenovo | 6 G263dns, G263dns Firmware, Gm265dn and 3 more | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow. | ||||