Export limit exceeded: 349467 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349467 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349467 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43826 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43826 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27531 | 1 Autodesk | 1 3ds Max | 2024-11-21 | 7.8 High |
| A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27524 | 1 Autodesk | 1 Dwg Trueview | 2024-11-21 | 7.1 High |
| An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27523 | 1 Autodesk | 1 Dwg Trueview | 2024-11-21 | 7.1 High |
| A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27451 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. | ||||
| CVE-2022-27406 | 3 Fedoraproject, Freetype, Redhat | 4 Fedora, Freetype, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. | ||||
| CVE-2022-27405 | 3 Fedoraproject, Freetype, Redhat | 4 Fedora, Freetype, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. | ||||
| CVE-2022-27387 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. | ||||
| CVE-2022-27337 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 4 Debian Linux, Fedora, Poppler and 1 more | 2024-11-21 | 6.5 Medium |
| A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | ||||
| CVE-2022-27242 | 1 Siemens | 1 Openv2g | 2024-11-21 | 5.5 Medium |
| A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. | ||||
| CVE-2022-27240 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2024-11-21 | 9.8 Critical |
| scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. | ||||
| CVE-2022-27223 | 3 Debian, Linux, Netapp | 17 Debian Linux, Linux Kernel, Active Iq Unified Manager and 14 more | 2024-11-21 | 8.8 High |
| In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. | ||||
| CVE-2022-27220 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | ||||
| CVE-2022-27219 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | ||||
| CVE-2022-27177 | 1 Netflix | 1 Consoleme | 2024-11-21 | 9.8 Critical |
| A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2 | ||||
| CVE-2022-27148 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. | ||||
| CVE-2022-27114 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2024-11-21 | 5.5 Medium |
| There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. | ||||
| CVE-2022-27008 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. | ||||
| CVE-2022-26981 | 3 Apple, Fedoraproject, Liblouis | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 7.8 High |
| Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). | ||||
| CVE-2022-26941 | 1 Motorola | 5 Mobile Radio, Mtm5400, Mtm5400 Firmware and 2 more | 2024-11-21 | 9.6 Critical |
| A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges. | ||||
| CVE-2022-26867 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 5.9 Medium |
| PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. | ||||