Total: 8569 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24314 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2024-11-21 | 7.5 High |
| A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | ||||
| CVE-2022-24198 | 1 Itextpdf | 1 Itext | 2024-11-21 | 6.5 Medium |
| iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable. | ||||
| CVE-2022-24060 | 1 Santesoft | 1 Dicom Viewer Pro | 2024-11-21 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15099. | ||||
| CVE-2022-24055 | 1 Santesoft | 1 Dicom Viewer Pro | 2024-11-21 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14972. | ||||
| CVE-2022-23937 | 1 Windriver | 1 Vxworks | 2024-11-21 | 5.3 Medium |
| In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. | ||||
| CVE-2022-23805 | 2 Microsoft, Trendmicro | 2 Windows, Worry-free Business Security | 2024-11-21 | 7.1 High |
| A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-23429 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. | ||||
| CVE-2022-23130 | 2 Iconics, Mitsubishielectric | 3 Genesis64, Hyper Historian, Mc Works64 | 2024-11-21 | 5.5 Medium |
| Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64. | ||||
| CVE-2022-23097 | 2 Debian, Intel | 2 Debian Linux, Connman | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. | ||||
| CVE-2022-23096 | 2 Debian, Intel | 2 Debian Linux, Connman | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. | ||||
| CVE-2022-22844 | 4 Debian, Libtiff, Netapp and 1 more | 4 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 5.5 Medium |
| LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. | ||||
| CVE-2022-22816 | 3 Debian, Python, Redhat | 5 Debian Linux, Pillow, Enterprise Linux and 2 more | 2024-11-21 | 6.5 Medium |
| path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | ||||
| CVE-2022-22664 | 1 Apple | 3 Garageband, Logic Pro X, Macos | 2024-11-21 | 7.8 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | ||||
| CVE-2022-22627 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 7.1 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | ||||
| CVE-2022-22626 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 7.1 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | ||||
| CVE-2022-22625 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 7.1 High |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | ||||
| CVE-2022-22611 | 1 Apple | 6 Ipados, Iphone Os, Itunes and 3 more | 2024-11-21 | 7.8 High |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution. | ||||
| CVE-2022-22608 | 1 Apple | 1 Xcode | 2024-11-21 | 7.8 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | ||||
| CVE-2022-22607 | 1 Apple | 1 Xcode | 2024-11-21 | 7.8 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | ||||
| CVE-2022-22606 | 1 Apple | 1 Xcode | 2024-11-21 | 7.8 High |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | ||||