Total
8573 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47352 | 2 Google, Unisoc | 3 Android, T610, T618 | 2024-11-21 | 4.4 Medium |
| In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2022-47351 | 2 Google, Unisoc | 10 Android, S8000, T606 and 7 more | 2024-11-21 | 4.4 Medium |
| In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2022-47350 | 2 Google, Unisoc | 12 Android, S8000, Sc9863a and 9 more | 2024-11-21 | 4.4 Medium |
| In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2022-43681 | 3 Debian, Frrouting, Redhat | 3 Debian Linux, Frrouting, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. | ||||
| CVE-2022-41745 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.0 High |
| An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-40737 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_ByteStream::Write and AP4_HdlrAtom::WriteFields. | ||||
| CVE-2022-40709 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-11-21 | 3.3 Low |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708. | ||||
| CVE-2022-40707 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-11-21 | 3.3 Low |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708. | ||||
| CVE-2022-40647 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17558. | ||||
| CVE-2022-40640 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17308. | ||||
| CVE-2022-40636 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17044. | ||||
| CVE-2022-40535 | 1 Qualcomm | 142 Csr8811, Csr8811 Firmware, Ipq8070a and 139 more | 2024-11-21 | 7.5 High |
| Transient DOS due to buffer over-read in WLAN while sending a packet to device. | ||||
| CVE-2022-40524 | 1 Qualcomm | 76 Aqt1000, Aqt1000 Firmware, Qca6390 and 73 more | 2024-11-21 | 6.7 Medium |
| Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service. | ||||
| CVE-2022-40512 | 1 Qualcomm | 590 Apq8009, Apq8009 Firmware, Apq8017 and 587 more | 2024-11-21 | 7.5 High |
| Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon. | ||||
| CVE-2022-40505 | 1 Qualcomm | 26 9205 Lte Modem, 9205 Lte Modem Firmware, 9206 Lte Modem and 23 more | 2024-11-21 | 8.2 High |
| Information disclosure due to buffer over-read in Modem while parsing DNS hostname. | ||||
| CVE-2022-40503 | 1 Qualcomm | 370 8905, 8905 Firmware, 8909 and 367 more | 2024-11-21 | 8.2 High |
| Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. | ||||
| CVE-2022-40320 | 2 Fedoraproject, Libconfuse Project | 2 Fedora, Libconfuse | 2024-11-21 | 8.8 High |
| cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. | ||||
| CVE-2022-40318 | 3 Debian, Frrouting, Redhat | 3 Debian Linux, Frrouting, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. | ||||
| CVE-2022-3447 | 1 Google | 2 Android, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-3178 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. | ||||