Total
2290 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30309 | 1 Qualcomm | 86 Mdm9650, Mdm9650 Firmware, Qca6174a and 83 more | 2022-02-18 | 4.6 MEDIUM | 7.8 HIGH |
| Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-24313 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
| CVE-2021-44864 | 1 Tp-link | 2 Wn886n, Wn886n Firmware | 2022-02-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. | |||||
| CVE-2021-38172 | 1 Debian | 1 Perm | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.) | |||||
| CVE-2022-22725 | 1 Schneider-electric | 2 Easergy P3, Easergy P3 Firmware | 2022-02-10 | 8.3 HIGH | 8.8 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P3 (All versions prior to V30.205) | |||||
| CVE-2022-22723 | 1 Schneider-electric | 2 Easergy P5, Easergy P5 Firmware | 2022-02-10 | 8.3 HIGH | 8.8 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) | |||||
| CVE-2021-29219 | 1 Hpe | 14 Flexnetwork 5130 Jg932a, Flexnetwork 5130 Jg932a Firmware, Flexnetwork 5130 Jg933a and 11 more | 2022-02-09 | 4.6 MEDIUM | 7.8 HIGH |
| A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. | |||||
| CVE-2019-11859 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. | |||||
| CVE-2019-11858 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. | |||||
| CVE-2021-30481 | 1 Valvesoftware | 1 Steam Client | 2022-02-07 | 6.0 MEDIUM | 9.0 CRITICAL |
| Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. | |||||
| CVE-2006-3404 | 1 Gimp | 1 Gimp | 2022-02-07 | 5.1 MEDIUM | N/A |
| Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. | |||||
| CVE-2012-2763 | 1 Gimp | 1 Gimp | 2022-02-07 | 7.5 HIGH | N/A |
| Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server. | |||||
| CVE-2008-1677 | 1 Redhat | 2 Directory Server, Fedora Directory Server | 2022-02-03 | 7.5 HIGH | N/A |
| Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression. | |||||
| CVE-2020-7559 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2022-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | |||||
| CVE-2018-7238 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code. | |||||
| CVE-2015-0982 | 1 Schneider-electric | 1 Pelco Ds-nv | 2022-02-02 | 7.5 HIGH | N/A |
| Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-46513 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c. | |||||
| CVE-2021-46526 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c. | |||||
| CVE-2021-46521 | 1 Cesanta | 1 Mjs | 2022-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c. | |||||
| CVE-2018-15688 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2022-01-31 | 5.8 MEDIUM | 8.8 HIGH |
| A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. | |||||