Total
12951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46291 | 1 Openbabel | 1 Open Babel | 2024-11-21 | 9.8 Critical |
| Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MSI file format | ||||
| CVE-2022-46290 | 1 Openbabel | 1 Open Babel | 2024-11-21 | 9.8 Critical |
| Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.The loop that stores the coordinates does not check its index against nAtoms | ||||
| CVE-2022-46289 | 1 Openbabel | 1 Open Babel | 2024-11-21 | 9.8 Critical |
| Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.nAtoms calculation wrap-around, leading to a small buffer allocation | ||||
| CVE-2022-45781 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName. | ||||
| CVE-2022-45703 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
| Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. | ||||
| CVE-2022-45493 | 1 Json.h Project | 1 Json.h | 2024-11-21 | 7.8 High |
| Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. | ||||
| CVE-2022-45492 | 1 Json.h Project | 1 Json.h | 2024-11-21 | 7.8 High |
| Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. | ||||
| CVE-2022-45188 | 3 Debian, Fedoraproject, Netatalk | 3 Debian Linux, Fedora, Netatalk | 2024-11-21 | 7.8 High |
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | ||||
| CVE-2022-44840 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.8 High |
| Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. | ||||
| CVE-2022-44370 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 7.8 High |
| NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 | ||||
| CVE-2022-44011 | 1 Clickhouse | 1 Clickhouse | 2024-11-21 | 6.5 Medium |
| An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. | ||||
| CVE-2022-44010 | 1 Clickhouse | 1 Clickhouse | 2024-11-21 | 7.5 High |
| An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. | ||||
| CVE-2022-43607 | 1 Openbabel | 1 Open Babel | 2024-11-21 | 8.1 High |
| An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-43605 | 1 Opener Project | 1 Opener | 2024-11-21 | 10 Critical |
| An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out of bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability. | ||||
| CVE-2022-43467 | 1 Openbabel | 1 Open Babel | 2024-11-21 | 9.8 Critical |
| An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-43358 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 7.5 High |
| Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). | ||||
| CVE-2022-43357 | 1 Sass-lang | 2 Libsass, Sassc | 2024-11-21 | 7.5 High |
| Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. | ||||
| CVE-2022-42920 | 3 Apache, Fedoraproject, Redhat | 10 Commons Bcel, Fedora, Amq Streams and 7 more | 2024-11-21 | 9.8 Critical |
| Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. | ||||
| CVE-2022-42002 | 1 Sonicjs | 1 Sonicjs | 2024-11-21 | 9.1 Critical |
| SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete. | ||||
| CVE-2022-41854 | 3 Fedoraproject, Redhat, Snakeyaml Project | 13 Fedora, Amq Clients, Camel Spring Boot and 10 more | 2024-11-21 | 5.8 Medium |
| Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | ||||