Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | |||||
| CVE-2022-29324 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | |||||
| CVE-2022-29325 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | |||||
| CVE-2022-29323 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | |||||
| CVE-2022-29321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | |||||
| CVE-2022-29322 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | |||||
| CVE-2022-20009 | 1 Google | 1 Android | 2022-05-16 | 7.2 HIGH | 6.8 MEDIUM |
| In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel | |||||
| CVE-2020-6156 | 1 Pixar | 1 Openusd | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index. | |||||
| CVE-2020-6149 | 1 Pixar | 1 Openusd | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section. | |||||
| CVE-2020-6150 | 1 Pixar | 1 Openusd | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. | |||||
| CVE-2020-6155 | 1 Pixar | 1 Openusd | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-6148 | 1 Pixar | 1 Openusd | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow. | |||||
| CVE-2020-6147 | 2 Apple, Pixar | 3 Ipados, Iphone Os, Openusd | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. | |||||
| CVE-2020-28600 | 1 Openscad | 1 Openscad | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-3501 | 4 Fedoraproject, Linux, Netapp and 1 more | 27 Fedora, Linux Kernel, Cloud Backup and 24 more | 2022-05-13 | 3.6 LOW | 7.1 HIGH |
| A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. | |||||
| CVE-2021-21812 | 1 Att | 1 Xmill | 2022-05-13 | 4.6 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. | |||||
| CVE-2021-27041 | 3 Autodesk, Iconics, Mitsubishielectric | 13 Advance Steel, Autocad, Autocad Architecture and 10 more | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code | |||||
| CVE-2021-27043 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application. | |||||
| CVE-2021-32952 | 2 Opendesign, Siemens | 4 Drawings Sdk, Comos, Jt2go and 1 more | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. | |||||
| CVE-2022-27783 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2022-05-13 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. | |||||