Export limit exceeded: 13863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13863 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41521 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. | ||||
| CVE-2022-41520 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. | ||||
| CVE-2022-41517 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function | ||||
| CVE-2022-41430 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.8 High |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. | ||||
| CVE-2022-41429 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.8 High |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. | ||||
| CVE-2022-41428 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.8 High |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. | ||||
| CVE-2022-41420 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component | ||||
| CVE-2022-41301 | 1 Autodesk | 1 Subassembly Composer | 2024-11-21 | 7.8 High |
| A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-40654 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18351. | ||||
| CVE-2022-40653 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18349. | ||||
| CVE-2022-40652 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17846. | ||||
| CVE-2022-40651 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17844. | ||||
| CVE-2022-40650 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17838. | ||||
| CVE-2022-40648 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563. | ||||
| CVE-2022-40644 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17408. | ||||
| CVE-2022-40641 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17317. | ||||
| CVE-2022-40514 | 1 Qualcomm | 456 Aqt1000, Aqt1000 Firmware, Ar8031 and 453 more | 2024-11-21 | 9.8 Critical |
| Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame. | ||||
| CVE-2022-40510 | 1 Qualcomm | 408 Apq8009, Apq8009 Firmware, Apq8009w and 405 more | 2024-11-21 | 9.8 Critical |
| Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. | ||||
| CVE-2022-40160 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | 6.5 Medium |
| ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | ||||
| CVE-2022-40159 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | 6.5 Medium |
| ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | ||||