Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44170 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-07-25 | N/A | 6.7 MEDIUM |
| A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. | |||||
| CVE-2022-20222 | 1 Google | 1 Android | 2022-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096 | |||||
| CVE-2020-13581 | 1 Softmaker | 1 Planmaker 2021 | 2022-07-23 | 6.8 MEDIUM | 7.8 HIGH |
| In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. | |||||
| CVE-2020-13586 | 1 Softmaker | 1 Planmaker 2021 | 2022-07-23 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-1737 | 1 Pyramidsolutions | 4 Netstax Ethernet\/ip Adapter Development Kit, Netstax Ethernet\/ip Adapter Dll Kit, Netstax Ethernet\/ip Scanner Development Kit and 1 more | 2022-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition. | |||||
| CVE-2022-28044 | 2 Debian, Irzip Project | 2 Debian Linux, Irzip | 2022-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. | |||||
| CVE-2022-34217 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21810 | 1 Att | 1 Xmill | 2022-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-28561 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42727 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2022-07-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. | |||||
| CVE-2017-9226 | 2 Oniguruma Project, Php | 2 Oniguruma, Php | 2022-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. | |||||
| CVE-2017-9228 | 2 Oniguruma Project, Php | 2 Oniguruma, Php | 2022-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. | |||||
| CVE-2012-5612 | 4 Canonical, Mariadb, Oracle and 1 more | 6 Ubuntu Linux, Mariadb, Mysql and 3 more | 2022-07-20 | 6.5 MEDIUM | N/A |
| Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands. | |||||
| CVE-2022-32117 | 1 Jerryscript | 1 Jerryscript | 2022-07-20 | N/A | 7.8 HIGH |
| Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. | |||||
| CVE-2020-14127 | 1 Mi | 3 Miui, Redmi K40, Redmi Note 10 Pro | 2022-07-20 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service. | |||||
| CVE-2006-4482 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2022-07-19 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. | |||||
| CVE-2022-32434 | 1 Opener Project | 1 Opener | 2022-07-19 | 6.8 MEDIUM | 7.8 HIGH |
| EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d. | |||||
| CVE-2021-41396 | 1 Live555 | 1 Live555 | 2022-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack. | |||||
| CVE-2022-34274 | 1 Siemens | 1 Pads Viewer | 2022-07-15 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-039) | |||||
| CVE-2022-34276 | 1 Siemens | 1 Pads Viewer | 2022-07-15 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-041) | |||||