Total: 7211 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-35938 | 1 Google | 1 Tensorflow | 2024-08-03 | 7 High |
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patched in GitHub commit 4142e47e9e31db481781b955ed3ff807a781b494. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | ||||
CVE-2022-35926 | 1 Contiki-ng | 1 Contiki-ng | 2024-08-03 | 5.9 Medium |
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, `uip_buf`, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires IPv6 to be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch. Users unable to upgrade may apply the patch in Contiki-NG PR #1654. | ||||
CVE-2022-35906 | 1 Bentley | 2 Microstation, View | 2024-08-03 | 3.3 Low |
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a DGN file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of DGN files could enable an attacker to read information in the context of the current process. | ||||
CVE-2022-35901 | 1 Bentley | 2 Microstation, View | 2024-08-03 | 3.3 Low |
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a J2K file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of J2K files could enable an attacker to read information in the context of the current process. | ||||
CVE-2022-35904 | 1 Bentley | 2 Microstation, View | 2024-08-03 | 3.3 Low |
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of IFC files could enable an attacker to read information in the context of the current process. | ||||
CVE-2022-35903 | 1 Bentley | 2 Microstation, View | 2024-08-03 | 3.3 Low |
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process. | ||||
CVE-2022-35902 | 1 Bentley | 2 Microstation, View | 2024-08-03 | 3.3 Low |
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an OBJ file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of OBJ files could enable an attacker to read information in the context of the current process. | ||||
CVE-2022-35900 | 1 Bentley | 2 Microstation, View | 2024-08-03 | 3.3 Low |
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a JP2 file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of JP2 files could enable an attacker to read information in the context of the current process. | ||||
CVE-2022-35905 | 1 Bentley | 2 Microstation, View | 2024-08-03 | 3.3 Low |
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of FBX files could enable an attacker to read information in the context of the current process. | ||||
CVE-2022-35729 | 2 Intel, Openbmc-project | 58 C621a, C624a, C627a and 55 more | 2024-08-03 | 7.5 High |
Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access. | ||||
CVE-2022-35483 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8. | ||||
CVE-2022-35479 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6. | ||||
CVE-2022-35476 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. | ||||
CVE-2022-35478 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea. | ||||
CVE-2022-35481 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. | ||||
CVE-2022-35477 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. | ||||
CVE-2022-35409 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-08-03 | 9.1 Critical |
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. | ||||
CVE-2022-35485 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969. | ||||
CVE-2022-35482 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. | ||||
CVE-2022-35234 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-08-03 | 7.1 High |
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. |