Search Results (45935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-36586 1 Tenda 2 G3, G3 Firmware 2024-11-21 9.8 Critical
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by strcpy in function 0x869f4 in the httpd binary.
CVE-2022-36585 1 Tenda 2 G3, G3 Firmware 2024-11-21 9.8 Critical
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf.
CVE-2022-36584 1 Tenda 2 G3, G3 Firmware 2024-11-21 9.8 Critical
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf.
CVE-2022-36525 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2024-11-21 9.8 Critical
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main.
CVE-2022-36446 1 Webmin 1 Webmin 2024-11-21 9.8 Critical
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVE-2022-36423 2 Openatom, Openharmony 2 Openharmony, Openharmony 2024-11-21 7.4 High
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.
CVE-2022-36402 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2024-11-21 6.3 Medium
An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
CVE-2022-36372 1 Intel 69 Bios, Nuc 8 Compute Element Cm8ccb4r, Nuc 8 Compute Element Cm8ccb4r Firmware and 66 more 2024-11-21 7.5 High
Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-36363 1 Siemens 4 Logo\!8 Bm, Logo\!8 Bm Fs-05, Logo\!8 Bm Fs-05 Firmware and 1 more 2024-11-21 5.3 Medium
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory.
CVE-2022-36361 1 Siemens 4 Logo\!8 Bm, Logo\!8 Bm Fs-05, Logo\!8 Bm Fs-05 Firmware and 1 more 2024-11-21 9.8 Critical
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.
CVE-2022-36349 1 Intel 4 Nuc Board Nuc5i3mybe, Nuc Board Nuc5i3mybe Firmware, Nuc Kit Nuc5i3myhe and 1 more 2024-11-21 5.2 Medium
Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2022-36293 1 Nintendo 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware 2024-11-21 7.2 High
Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors.
CVE-2022-36280 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 6.3 Medium
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
CVE-2022-36279 1 Siretta 2 Quartz-gold, Quartz-gold Firmware 2024-11-21 8.8 High
A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-35911 1 Patlite 4 Nhl-fb2, Nhl-fb2 Firmware, Nhp-fb2 and 1 more 2024-11-21 7.5 High
On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. NOTE: the vendor's perspective is that "omitting the query string does not cause a denial of service and the indicated event can not be reproduced.
CVE-2022-35906 1 Bentley 2 Microstation, View 2024-11-21 3.3 Low
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a DGN file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of DGN files could enable an attacker to read information in the context of the current process.
CVE-2022-35905 1 Bentley 2 Microstation, View 2024-11-21 3.3 Low
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of FBX files could enable an attacker to read information in the context of the current process.
CVE-2022-35904 1 Bentley 2 Microstation, View 2024-11-21 3.3 Low
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of IFC files could enable an attacker to read information in the context of the current process.
CVE-2022-35903 1 Bentley 2 Microstation, View 2024-11-21 3.3 Low
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process.
CVE-2022-35902 1 Bentley 2 Microstation, View 2024-11-21 3.3 Low
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an OBJ file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of OBJ files could enable an attacker to read information in the context of the current process.