Export limit exceeded: 45687 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20190 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28381 | 1 Allmediaserver | 1 Allmediaserver | 2024-11-21 | 9.8 Critical |
| Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932. | ||||
| CVE-2022-28375 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2024-11-21 | 9.8 Critical |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root, | ||||
| CVE-2022-28374 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2024-11-21 | 8.8 High |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root. | ||||
| CVE-2022-28373 | 1 Verizon | 2 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware | 2024-11-21 | 9.8 Critical |
| Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code execution as root. | ||||
| CVE-2022-28236 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-28234 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a heap-based buffer overflow vulnerability due to insecure handling of a crafted .pdf file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file | ||||
| CVE-2022-28200 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 8.2 High |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | ||||
| CVE-2022-28196 | 1 Nvidia | 5 Jetson Agx Xavier, Jetson Linux, Jetson Tx2 and 2 more | 2024-11-21 | 4.6 Medium |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components. | ||||
| CVE-2022-28193 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2024-11-21 | 5.6 Medium |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. | ||||
| CVE-2022-28185 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Virtual Gpu | 2024-11-21 | 6.8 Medium |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. | ||||
| CVE-2022-28182 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2024-11-21 | 8.5 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. | ||||
| CVE-2022-28181 | 3 Linux, Microsoft, Nvidia | 4 Linux Kernel, Windows, Gpu Display Driver and 1 more | 2024-11-21 | 8.5 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. | ||||
| CVE-2022-28171 | 1 Hikvision | 22 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 19 more | 2024-11-21 | 7.5 High |
| The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. | ||||
| CVE-2022-28082 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. | ||||
| CVE-2022-28072 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.5 High |
| A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. | ||||
| CVE-2022-28069 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.5 High |
| A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. | ||||
| CVE-2022-28068 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.5 High |
| A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. | ||||
| CVE-2022-28055 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 9.8 Critical |
| Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | ||||
| CVE-2022-28044 | 2 Debian, Irzip Project | 2 Debian Linux, Irzip | 2024-11-21 | 9.8 Critical |
| Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. | ||||
| CVE-2022-27947 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. | ||||