Total: 13473 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43357 | 1 Sass-lang | 2 Libsass, Sassc | 2024-11-21 | 7.5 High |
| Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. | ||||
| CVE-2022-42920 | 3 Apache, Fedoraproject, Redhat | 10 Commons Bcel, Fedora, Amq Streams and 7 more | 2024-11-21 | 9.8 Critical |
| Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. | ||||
| CVE-2022-42002 | 1 Sonicjs | 1 Sonicjs | 2024-11-21 | 9.1 Critical |
| SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. | ||||
| CVE-2022-41854 | 3 Fedoraproject, Redhat, Snakeyaml Project | 13 Fedora, Amq Clients, Camel Spring Boot and 10 more | 2024-11-21 | 5.8 Medium |
| Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | ||||
| CVE-2022-41802 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-11-21 | 4 Medium |
| Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | ||||
| CVE-2022-41793 | 1 Openbabel | 1 Open Babel | 2024-11-21 | 9.8 Critical |
| An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-41528 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. | ||||
| CVE-2022-41527 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. | ||||
| CVE-2022-41526 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. | ||||
| CVE-2022-41524 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. | ||||
| CVE-2022-41523 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. | ||||
| CVE-2022-41522 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. | ||||
| CVE-2022-41521 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. | ||||
| CVE-2022-41520 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. | ||||
| CVE-2022-41517 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function. | ||||
| CVE-2022-41430 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.8 High |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. | ||||
| CVE-2022-41429 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.8 High |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. | ||||
| CVE-2022-41428 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.8 High |
| Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. | ||||
| CVE-2022-41420 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component. | ||||
| CVE-2022-41301 | 1 Autodesk | 1 Subassembly Composer | 2024-11-21 | 7.8 High |
| A maliciously crafted PKT file, when consumed through the SubassemblyComposer.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||