Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34742 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-29777 | 1 Onlyoffice | 2 Core, Document Server | 2022-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | |||||
| CVE-2022-29776 | 1 Onlyoffice | 2 Core, Document Server | 2022-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | |||||
| CVE-2021-38495 | 1 Mozilla | 2 Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1. | |||||
| CVE-2021-38493 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. | |||||
| CVE-2021-29989 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29988 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29984 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29976 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | |||||
| CVE-2021-29970 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 5.1 MEDIUM | 8.8 HIGH |
| A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | |||||
| CVE-2021-29967 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | |||||
| CVE-2020-24870 | 1 Libraw | 1 Libraw | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. | |||||
| CVE-2022-41301 | 1 Autodesk | 1 Subassembly Composer | 2022-12-09 | N/A | 7.8 HIGH |
| A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2021-45927 | 1 Mdbtools Project | 1 Mdbtools | 2022-12-09 | 4.6 MEDIUM | 7.8 HIGH |
| MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind). | |||||
| CVE-2021-45926 | 1 Mdbtools Project | 1 Mdbtools | 2022-12-09 | 4.6 MEDIUM | 7.8 HIGH |
| MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind). | |||||
| CVE-2019-4087 | 1 Ibm | 1 Spectrum Protect Operations Center | 2022-12-09 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510. | |||||
| CVE-2022-3655 | 1 Google | 1 Chrome | 2022-12-09 | N/A | 8.8 HIGH |
| Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3653 | 1 Google | 1 Chrome | 2022-12-09 | N/A | 8.8 HIGH |
| Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2017-16252 | 1 Insteon | 2 Hub 2245-222, Hub Firmware | 2022-12-09 | 5.5 MEDIUM | 8.1 HIGH |
| Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large, sending anything longer will cause a buffer overflow. | |||||
| CVE-2017-16253 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-09 | 5.5 MEDIUM | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | |||||