Total
8573 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33222 | 1 Qualcomm | 26 Mdm8207, Mdm8207 Firmware, Mdm9205 and 23 more | 2024-11-21 | 8.2 High |
| Information disclosure due to buffer over-read while parsing DNS response packets in Modem. | ||||
| CVE-2022-33221 | 1 Qualcomm | 28 Sd 8 Gen1 5g Firmware, Sm8475, Ssg2115p and 25 more | 2024-11-21 | 6.8 Medium |
| Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests. | ||||
| CVE-2022-33220 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Qam8295p and 87 more | 2024-11-21 | 5.1 Medium |
| Information disclosure in Automotive multimedia due to buffer over-read. | ||||
| CVE-2022-33021 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | 7.5 High |
| CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30. | ||||
| CVE-2022-32990 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). | ||||
| CVE-2022-32912 | 2 Apple, Redhat | 4 Ipados, Iphone Os, Safari and 1 more | 2024-11-21 | 8.8 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-32745 | 1 Samba | 1 Samba | 2024-11-21 | 8.1 High |
| A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | ||||
| CVE-2022-32325 | 2 Fedoraproject, Jpegoptim Project | 2 Fedora, Jpegoptim | 2024-11-21 | 6.5 Medium |
| JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. | ||||
| CVE-2022-32200 | 1 Libdwarf Project | 1 Libdwarf | 2024-11-21 | 7.8 High |
| libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. | ||||
| CVE-2022-32141 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 6.5 Medium |
| Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. | ||||
| CVE-2022-32139 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 6.5 Medium |
| In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required. | ||||
| CVE-2022-31796 | 1 Jpeg | 1 Libjpeg | 2024-11-21 | 6.5 Medium |
| libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. | ||||
| CVE-2022-31630 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. | ||||
| CVE-2022-31212 | 2 Dbus-broker Project, Redhat | 2 Dbus-broker, Enterprise Linux | 2024-11-21 | 7.5 High |
| An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied. | ||||
| CVE-2022-31001 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2024-11-21 | 7.5 High |
| Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. | ||||
| CVE-2022-30976 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.1 High |
| GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box. | ||||
| CVE-2022-30785 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 6.7 Medium |
| A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | ||||
| CVE-2022-30702 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-11-21 | 5.5 Medium |
| Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. | ||||
| CVE-2022-30549 | 1 Fujielectric | 1 V-server | 2024-11-21 | 7.8 High |
| Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | ||||
| CVE-2022-30546 | 1 Fujielectric | 1 Monitouch V-sft | 2024-11-21 | 7.8 High |
| Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | ||||