Search Results (20982 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-17384 1 Cellopoint 1 Cellos 2025-05-08 7.2 High
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
CVE-2023-6858 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2025-05-07 8.8 High
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
CVE-2022-3598 4 Debian, Libtiff, Netapp and 1 more 4 Debian Linux, Libtiff, Active Iq Unified Manager and 1 more 2025-05-07 5.5 Medium
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
CVE-2022-3597 4 Debian, Libtiff, Netapp and 1 more 4 Debian Linux, Libtiff, Active Iq Unified Manager and 1 more 2025-05-07 5.5 Medium
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
CVE-2022-35132 1 Webmin 1 Usermin 2025-05-07 8.8 High
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
CVE-2024-22228 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
CVE-2024-22227 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.
CVE-2024-22225 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.
CVE-2024-22224 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
CVE-2024-22223 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
CVE-2025-29912 1 Nasa 1 Cryptolib 2025-05-07 9.8 Critical
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the `Crypto_TC_ProcessSecurity` function of CryptoLib leads to a heap buffer overflow. The vulnerability is triggered when the `fl` (frame length) field in a Telecommand (TC) packet is set to 0. This underflow causes the frame length to be interpreted as 65535, resulting in out-of-bounds memory access. This critical vulnerability can be exploited to cause a denial of service (DoS) or potentially achieve remote code execution. Users of CryptoLib are advised to apply the recommended patch or avoid processing untrusted TC packets until a fix is available.
CVE-2024-58116 1 Huawei 1 Harmonyos 2025-05-07 4 Medium
Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58115 1 Huawei 1 Harmonyos 2025-05-07 4 Medium
Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-42939 1 Autodesk 11 Autocad, Autocad Advance Steel, Autocad Architecture and 8 more 2025-05-07 7.8 High
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2022-42938 1 Autodesk 11 Autocad, Autocad Advance Steel, Autocad Architecture and 8 more 2025-05-07 7.8 High
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2022-42937 1 Autodesk 11 Autocad, Autocad Advance Steel, Autocad Architecture and 8 more 2025-05-07 7.8 High
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2022-42936 1 Autodesk 11 Autocad, Autocad Advance Steel, Autocad Architecture and 8 more 2025-05-07 7.8 High
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2022-42935 1 Autodesk 11 Autocad, Autocad Advance Steel, Autocad Architecture and 8 more 2025-05-07 7.8 High
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2022-42934 1 Autodesk 11 Autocad, Autocad Advance Steel, Autocad Architecture and 8 more 2025-05-07 7.8 High
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2022-42933 1 Autodesk 11 Autocad, Autocad Advance Steel, Autocad Architecture and 8 more 2025-05-07 7.8 High
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.