Export limit exceeded: 21447 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21447 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1441 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 7.8 High |
| MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. | ||||
| CVE-2022-1437 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.1 High |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. | ||||
| CVE-2022-1427 | 1 Mruby | 1 Mruby | 2024-11-21 | 7.8 High |
| Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited. | ||||
| CVE-2022-1420 | 4 Apple, Fedoraproject, Redhat and 1 more | 4 Macos, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. | ||||
| CVE-2022-1383 | 1 Radare | 1 Radare2 | 2024-11-21 | 6.1 Medium |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. | ||||
| CVE-2022-1381 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | 7.8 High |
| global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | ||||
| CVE-2022-1355 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-11-21 | 6.1 Medium |
| A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. | ||||
| CVE-2022-1354 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-11-21 | 5.5 Medium |
| A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. | ||||
| CVE-2022-1328 | 4 Debian, Fedoraproject, Mutt and 1 more | 4 Debian Linux, Fedora, Mutt and 1 more | 2024-11-21 | 4.3 Medium |
| Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | ||||
| CVE-2022-1297 | 1 Radare | 1 Radare2 | 2024-11-21 | 9.1 Critical |
| Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. | ||||
| CVE-2022-1296 | 1 Radare | 1 Radare2 | 2024-11-21 | 9.1 Critical |
| Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. | ||||
| CVE-2022-1286 | 1 Mruby | 1 Mruby | 2024-11-21 | 9.8 Critical |
| heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | ||||
| CVE-2022-1276 | 1 Mruby | 1 Mruby | 2024-11-21 | 9.8 Critical |
| Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | ||||
| CVE-2022-1253 | 1 Struktur | 1 Libde265 | 2024-11-21 | 9.8 Critical |
| Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release. | ||||
| CVE-2022-1244 | 1 Radare | 1 Radare2 | 2024-11-21 | 5.5 Medium |
| heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. | ||||
| CVE-2022-1240 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | ||||
| CVE-2022-1237 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | ||||
| CVE-2022-1207 | 1 Radare | 1 Radare2 | 2024-11-21 | 6.6 Medium |
| Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary. | ||||
| CVE-2022-1202 | 1 Usabilitydynamics | 1 Wp-crm | 2024-11-21 | 7.8 High |
| The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. | ||||
| CVE-2022-1194 | 1 Mobileeventsmanager | 1 Mobile Events Manager | 2024-11-21 | 8.8 High |
| The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. | ||||