Search Results (21035 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-41802 2 Openatom, Openharmony 2 Openharmony, Openharmony 2024-11-21 4 Medium
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.
CVE-2022-41793 1 Openbabel 1 Open Babel 2024-11-21 9.8 Critical
An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-41528 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 8.8 High
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
CVE-2022-41527 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 8.8 High
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function.
CVE-2022-41526 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 8.8 High
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function.
CVE-2022-41525 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 9.8 Critical
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi.
CVE-2022-41524 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 8.8 High
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function.
CVE-2022-41523 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 8.8 High
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function.
CVE-2022-41522 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 9.8 Critical
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function.
CVE-2022-41521 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 8.8 High
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function.
CVE-2022-41520 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 8.8 High
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function.
CVE-2022-41518 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 9.8 Critical
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi.
CVE-2022-41517 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 8.8 High
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function
CVE-2022-41430 1 Axiosys 1 Bento4 2024-11-21 8.8 High
Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux.
CVE-2022-41429 1 Axiosys 1 Bento4 2024-11-21 8.8 High
Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag.
CVE-2022-41428 1 Axiosys 1 Bento4 2024-11-21 8.8 High
Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux.
CVE-2022-41420 1 Nasm 1 Netwide Assembler 2024-11-21 5.5 Medium
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
CVE-2022-41301 1 Autodesk 1 Subassembly Composer 2024-11-21 7.8 High
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2022-40764 1 Snyk 2 Cli, Golang Cli 2024-11-21 7.8 High
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957.
CVE-2022-40679 1 Fortinet 3 Fortiadc, Fortiddos, Fortiddos-f 2024-11-21 7.1 High
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.