Total
13378 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39394 | 1 Bytecodealliance | 1 Wasmtime | 2025-04-23 | 3.8 Low |
| Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected. | ||||
| CVE-2022-41873 | 1 Contiki-ng | 1 Contiki-ng | 2025-04-23 | 4.2 Medium |
| Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata structure. While looking up the corresponding channel structure in get_channel_for_cid (in os/net/mac/ble/ble-l2cap.c), a bounds check is performed on the incoming channel ID, which is meant to ensure that the channel ID does not exceed the maximum number of supported channels.However, an integer truncation issue leads to only the lowest byte of the channel ID to be checked, which leads to an incomplete out-of-bounds check. A crafted channel ID leads to out-of-bounds memory to be read and written with attacker-controlled data. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. As a workaround, Users can apply the patch in Contiki-NG pull request 2081 on GitHub. | ||||
| CVE-2022-41902 | 1 Google | 1 Tensorflow | 2025-04-23 | 7.1 High |
| TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. | ||||
| CVE-2022-23478 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2025-04-23 | 9.1 Critical |
| xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade. | ||||
| CVE-2022-42255 | 5 Citrix, Linux, Nvidia and 2 more | 6 Hypervisor, Linux Kernel, Cloud Gaming and 3 more | 2025-04-23 | 5.3 Medium |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | ||||
| CVE-2023-51101 | 1 Tenda | 2 W9, W9 Firmware | 2025-04-23 | 9.8 Critical |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. | ||||
| CVE-2022-44931 | 1 Tenda | 2 A18, A18 Firmware | 2025-04-23 | 7.5 High |
| Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. | ||||
| CVE-2025-3679 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-45525 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. | ||||
| CVE-2022-45524 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. | ||||
| CVE-2022-45523 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. | ||||
| CVE-2022-45522 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. | ||||
| CVE-2022-45521 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. | ||||
| CVE-2022-45520 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. | ||||
| CVE-2022-45519 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. | ||||
| CVE-2022-45518 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. | ||||
| CVE-2022-45517 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. | ||||
| CVE-2022-45516 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. | ||||
| CVE-2022-45515 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. | ||||
| CVE-2022-45514 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. | ||||