Export limit exceeded: 14251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14251 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41854 | 3 Fedoraproject, Redhat, Snakeyaml Project | 13 Fedora, Amq Clients, Camel Spring Boot and 10 more | 2024-11-21 | 5.8 Medium |
| Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | ||||
| CVE-2022-41802 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-11-21 | 4 Medium |
| Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. | ||||
| CVE-2022-41793 | 1 Openbabel | 1 Open Babel | 2024-11-21 | 9.8 Critical |
| An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-41528 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. | ||||
| CVE-2022-41527 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. | ||||
| CVE-2022-41526 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. | ||||
| CVE-2022-41524 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. | ||||
| CVE-2022-41523 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. | ||||
| CVE-2022-41522 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. | ||||
| CVE-2022-41521 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. | ||||
| CVE-2022-41520 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. | ||||
| CVE-2022-41517 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function | ||||
| CVE-2022-41430 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.8 High |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. | ||||
| CVE-2022-41429 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.8 High |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. | ||||
| CVE-2022-41428 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.8 High |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. | ||||
| CVE-2022-41420 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component | ||||
| CVE-2022-41301 | 1 Autodesk | 1 Subassembly Composer | 2024-11-21 | 7.8 High |
| A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-40654 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18351. | ||||
| CVE-2022-40653 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18349. | ||||
| CVE-2022-40652 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17846. | ||||