Total
3238 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36125 | 1 Apache | 1 Avro | 2024-11-21 | 7.5 High |
| It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | ||||
| CVE-2022-35289 | 1 Facebook | 1 Hermes | 2024-11-21 | 9.8 Critical |
| A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | ||||
| CVE-2022-34612 | 1 Rizin | 1 Rizin | 2024-11-21 | 5.5 Medium |
| Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary. | ||||
| CVE-2022-33719 | 1 Google | 1 Android | 2024-11-21 | 8.6 High |
| Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. | ||||
| CVE-2022-33296 | 1 Qualcomm | 228 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8905 and 225 more | 2024-11-21 | 5.9 Medium |
| Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. | ||||
| CVE-2022-33269 | 1 Qualcomm | 202 Aqt1000, Aqt1000 Firmware, Ar8035 and 199 more | 2024-11-21 | 9.3 Critical |
| Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. | ||||
| CVE-2022-33248 | 1 Qualcomm | 324 Apq8009, Apq8009 Firmware, Apq8009w and 321 more | 2024-11-21 | 7.8 High |
| Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http. | ||||
| CVE-2022-33068 | 3 Fedoraproject, Harfbuzz Project, Redhat | 3 Fedora, Harfbuzz, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2022-33065 | 2 Libsndfile Project, Redhat | 2 Libsndfile, Enterprise Linux | 2024-11-21 | 7.8 High |
| Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts. | ||||
| CVE-2022-32546 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-11-21 | 7.8 High |
| A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | ||||
| CVE-2022-32545 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-11-21 | 7.8 High |
| A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | ||||
| CVE-2022-32073 | 1 Wolfssh | 1 Wolfssh | 2024-11-21 | 9.8 Critical |
| WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. | ||||
| CVE-2022-31789 | 1 Watchguard | 1 Fireware | 2024-11-21 | 9.8 Critical |
| An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. | ||||
| CVE-2022-31630 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. | ||||
| CVE-2022-31600 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 7.5 High |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components. | ||||
| CVE-2022-31264 | 1 Solanalabs | 1 Rbpf | 2024-11-21 | 7.5 High |
| Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. | ||||
| CVE-2022-2928 | 4 Debian, Fedoraproject, Isc and 1 more | 4 Debian Linux, Fedora, Dhcp and 1 more | 2024-11-21 | 6.5 Medium |
| In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. | ||||
| CVE-2022-2831 | 1 Blender | 1 Blender | 2024-11-21 | 7.5 High |
| A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption. | ||||
| CVE-2022-2743 | 1 Google | 3 Chrome, Chrome Os, Linux And Chrome Os | 2024-11-21 | 8.8 High |
| Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High) | ||||
| CVE-2022-2454 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV. | ||||