Export limit exceeded: 20190 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26212 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 9.8 Critical |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26211 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 9.8 Critical |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26210 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 9.8 Critical |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26209 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 9.8 Critical |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26208 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 9.8 Critical |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26207 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 9.8 Critical |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26206 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-11-21 | 9.8 Critical |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26181 | 1 Dropbox | 1 Lepton | 2024-11-21 | 7.8 High |
| Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. | ||||
| CVE-2022-26147 | 1 Quectel | 2 Rg502q-ea, Rg502q-ea Firmware | 2024-11-21 | 9.8 Critical |
| The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection. | ||||
| CVE-2022-26098 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | ||||
| CVE-2022-26092 | 1 Google | 1 Android | 2024-11-21 | 7.4 High |
| Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. | ||||
| CVE-2022-26061 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.8 High |
| A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-25972 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-25949 | 1 Kingsoft | 1 Internet Security 9 Plus | 2024-11-21 | 7.8 High |
| The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. | ||||
| CVE-2022-25903 | 1 Opcua Project | 1 Opcua | 2024-11-21 | 7.5 High |
| The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed. | ||||
| CVE-2022-25797 | 1 Autodesk | 1 Dwg Trueview | 2024-11-21 | 7.8 High |
| A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. | ||||
| CVE-2022-25792 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2024-11-21 | 7.8 High |
| A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code. | ||||
| CVE-2022-25791 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2024-11-21 | 7.8 High |
| A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. | ||||
| CVE-2022-25790 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2024-11-21 | 7.8 High |
| A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution. | ||||
| CVE-2022-25788 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2024-11-21 | 7.8 High |
| A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code. | ||||