Total
2951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26092 | 1 Google | 1 Android | 2024-11-21 | 7.4 High |
| Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. | ||||
| CVE-2022-26061 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.8 High |
| A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-25309 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service. | ||||
| CVE-2022-24052 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190. | ||||
| CVE-2022-22188 | 1 Juniper | 8 Ex4600, Ex4650, Junos and 5 more | 2024-11-21 | 7.5 High |
| An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1. | ||||
| CVE-2022-20946 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | 8.6 High |
| A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. | ||||
| CVE-2022-20737 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | 8.5 High |
| A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. This vulnerability is due to insufficient bounds checking when parsing specific HTTP authentication messages. An attacker could exploit this vulnerability by sending malicious traffic to an affected device acting as a VPN Gateway. To send this malicious traffic, an attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information. | ||||
| CVE-2022-1886 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-1733 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | ||||
| CVE-2022-1621 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Macos, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.8 High |
| Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | ||||
| CVE-2022-1619 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Macos, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution | ||||
| CVE-2022-1437 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.1 High |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. | ||||
| CVE-2022-1383 | 1 Radare | 1 Radare2 | 2024-11-21 | 6.1 Medium |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. | ||||
| CVE-2022-1381 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | 7.8 High |
| global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | ||||
| CVE-2022-1286 | 1 Mruby | 1 Mruby | 2024-11-21 | 9.8 Critical |
| heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | ||||
| CVE-2022-1253 | 1 Struktur | 1 Libde265 | 2024-11-21 | 9.8 Critical |
| Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release. | ||||
| CVE-2022-1244 | 1 Radare | 1 Radare2 | 2024-11-21 | 5.5 Medium |
| heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. | ||||
| CVE-2022-1240 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | ||||
| CVE-2022-1160 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. | ||||
| CVE-2022-1061 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.5 High |
| Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8. | ||||