CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2022/11/22 2:15 a.m.•15 views

Stack overflow

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...

4.3CVSS7.9AI score0.00159EPSS

Vulnrichment•added 2022/11/22 12:0 a.m.•3 views

CVE-2022-35407

7.9AI score0.00159EPSS

Exploits0References2

Tenable Nessus•added 2022/11/22 12:0 a.m.•27 views

Oracle Linux 9 : libtiff (ELSA-2022-8194)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8194 advisory. 4.4.0-2 - Update to version 4.4.0 - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909...

7.7CVSS6.7AI score0.00203EPSS

Exploits10References11

CVE•added 2022/11/22 12:0 a.m.•63 views

CVE-2022-35407

The CVE concerns InsydeH2O’s SetupUtility driver on Intel platforms, affected versions 5.0–5.5. A stack buffer overflow from handling two UEFI variables allows arbitrary code execution when the second variable exceeds the first, enabling modification of certain UEFI variables. Impact is local, wi...

7.8CVSS7.9AI score0.00159EPSS

CVE•added 2022/11/21 12:0 a.m.•54 views

CVE-2022-35897

CVE-2022-35897 affects Insyde InsydeH2O kernel 5.0–5.5. A stack buffer overflow occurs when an attacker modifies certain UEFI variables, potentially causing arbitrary code execution. Exploitation requires direct SPI modification and the attacker must change at least two of three variables (Secure...

6.8CVSS7.2AI score0.00256EPSS

Vulnrichment•added 2022/11/21 12:0 a.m.•4 views

CVE-2022-35897

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...

8.5AI score0.00256EPSS

Exploits0References2

OSV•added 2022/11/20 1:1 p.m.•10 views

OSV-2022-1188 Stack-buffer-overflow in authentic_get_tagged_data

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53536 Crash type: Stack-buffer-overflow READ 1 Crash state: authenticgettaggeddata authenticparsecredentialdata authenticpingetpolicy...

OSV•added 2022/11/18 1:0 p.m.•10 views

OSV-2022-1177 Stack-buffer-overflow in FLAC::Decoder::FuzzerDecoder::metadata_callback

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53454 Crash type: Stack-buffer-overflow WRITE 8 Crash state: FLAC::Decoder::FuzzerDecoder::metadatacallback FLAC::Decoder::Stream::metadatacallback readmetadata...

OSV•added 2022/11/16 1:2 p.m.•10 views

OSV-2022-1175 Stack-buffer-overflow in sc_path_print

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53417 Crash type: Stack-buffer-overflow READ 1 Crash state: scpathprint scselectfile scpkcs15initrmdir...

Tenable Nessus•added 2022/11/16 12:0 a.m.•34 views

Oracle Linux 8 : libtiff (ELSA-2022-7585)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7585 advisory. 4.0.9-23 - Fix various CVEs - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909 CVE-2022-090...

7.7CVSS6.7AI score0.00203EPSS

Exploits9References10

RedHat Linux•added 2022/11/15 3:17 p.m.•2 views

libtiff: stack-buffer-overflow in tiffcp.c in main()

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service...

6.1CVSS5.9AI score0.00074EPSS

Exploits1References4

RedHat Linux•added 2022/11/15 11:55 a.m.•1 views

hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation eIBRS capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer RSB...

5.5CVSS6.5AI score0.00106EPSS

Exploits0References6

RedHat Linux•added 2022/11/15 11:38 a.m.•3 views

hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

5.5CVSS6.5AI score0.00106EPSS

Exploits0References6

AlmaLinux•added 2022/11/15 12:0 a.m.•65 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Denial of Service via crafted TIFF file CVE-2022-0561 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file CVE-2022-0562 libtiff: reachable...

7.7CVSS7.4AI score0.00203EPSS

Exploits10References22

Mageia•added 2022/11/13 2:25 a.m.•53 views

Updated binutils/gdb packages fix security vulnerability

libiberty: Heap/stack buffer overflow in the dlanglname function in d-demangle.c CVE-2021-3826 binutils: heap-based buffer overflow in bfdgetl32 when called by stripmain in objcopy.c via a crafted file CVE-2022-38533...

6.5CVSS4.4AI score0.00556EPSS

Exploits0References3

OSV•added 2022/11/13 2:25 a.m.•5 views

MGASA-2022-0425 Updated binutils/gdb packages fix security vulnerability

6.5CVSS6.2AI score0.00556EPSS

Exploits0References4

OSV•added 2022/11/10 1:0 p.m.•12 views

OSV-2022-1157 Stack-buffer-overflow in merge_utf16be_ascii

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53149 Crash type: Stack-buffer-overflow WRITE 1 Crash state: mergeutf16beascii probeisoNUMBER superblocksprobe...