Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27293 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
| CVE-2022-27294 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | |||||
| CVE-2022-28663 | 1 Siemens | 1 Simcenter Femap | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592) | |||||
| CVE-2022-28662 | 1 Siemens | 1 Simcenter Femap | 2022-04-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15307) | |||||
| CVE-2018-3932 | 2 Antennahouse, Linux | 2 Office Server Document Converter, Linux Kernel | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based buffer overflow, resulting in remote code execution. | |||||
| CVE-2018-3938 | 1 Sony | 28 Snc-eb600, Snc-eb600 Firmware, Snc-eb600b and 25 more | 2022-04-19 | 7.5 HIGH | 10.0 CRITICAL |
| An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. | |||||
| CVE-2018-3936 | 2 Antennahouse, Linux | 2 Office Server Document Converter, Linux Kernel | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. | |||||
| CVE-2018-3977 | 1 Libsdl | 1 Sdl Image | 2022-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2018-3933 | 2 Antennahouse, Linux | 2 Office Server Document Converter, Linux Kernel | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method. | |||||
| CVE-2018-3991 | 3 Microsoft, Siemens, Wibu | 3 Windows, Simatic Wincc Open Architecture, Wibukey | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability. | |||||
| CVE-2018-3978 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability. | |||||
| CVE-2022-25753 | 1 Siemens | 48 Scalance X302-7eec, Scalance X302-7eec Firmware, Scalance X304-2fe and 45 more | 2022-04-19 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device. | |||||
| CVE-2022-27286 | 1 Dlink | 2 Dir-619 Ax, Dir-619 Ax Firmware | 2022-04-19 | 7.8 HIGH | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
| CVE-2022-27287 | 1 Dlink | 2 Dir-619 Ax, Dir-619 Ax Firmware | 2022-04-19 | 7.8 HIGH | 7.5 HIGH |
| D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | |||||
| CVE-2022-25791 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2022-04-19 | 4.4 MEDIUM | 7.8 HIGH |
| A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. | |||||
| CVE-2022-25790 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution. | |||||
| CVE-2022-25792 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code. | |||||
| CVE-2022-26092 | 1 Google | 1 Android | 2022-04-19 | 7.2 HIGH | 7.8 HIGH |
| Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. | |||||
| CVE-2022-26098 | 1 Google | 1 Android | 2022-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | |||||
| CVE-2021-42059 | 2 Insyde, Siemens | 29 Insydeh2o, Simatic Field Pg M5, Simatic Field Pg M5 Firmware and 26 more | 2022-04-18 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver. | |||||