Total
7207 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21790 | 2 Google, Mediatek | 6 Android, Mt6833, Mt6853 and 3 more | 2024-08-03 | 4.4 Medium |
| In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306. | ||||
| CVE-2022-21755 | 2 Google, Mediatek | 64 Android, Mt6731, Mt6732 and 61 more | 2024-08-03 | 4.4 Medium |
| In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464. | ||||
| CVE-2022-21756 | 2 Google, Mediatek | 36 Android, Mt6833, Mt6853 and 33 more | 2024-08-03 | 4.4 Medium |
| In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950. | ||||
| CVE-2022-21778 | 2 Google, Mediatek | 17 Android, Mt6771, Mt6779 and 14 more | 2024-08-03 | 6.7 Medium |
| In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. | ||||
| CVE-2022-21746 | 2 Google, Mediatek | 17 Android, Mt6771, Mt6779 and 14 more | 2024-08-03 | 4.4 Medium |
| In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698. | ||||
| CVE-2022-21726 | 1 Google | 1 Tensorflow | 2024-08-03 | 8.1 High |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | ||||
| CVE-2022-21769 | 2 Google, Mediatek | 36 Android, Mt6580, Mt6735 and 33 more | 2024-08-03 | 4.4 Medium |
| In CCCI, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641687. | ||||
| CVE-2022-21728 | 1 Google | 1 Tensorflow | 2024-08-03 | 8.1 High |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | ||||
| CVE-2022-21722 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2024-08-03 | 9.1 Critical |
| PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. | ||||
| CVE-2022-21747 | 2 Google, Mediatek | 23 Android, Mt6771, Mt6779 and 20 more | 2024-08-03 | 4.4 Medium |
| In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078. | ||||
| CVE-2022-21730 | 1 Google | 1 Tensorflow | 2024-08-03 | 8.1 High |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | ||||
| CVE-2022-21723 | 4 Asterisk, Debian, Sangoma and 1 more | 4 Certified Asterisk, Debian Linux, Asterisk and 1 more | 2024-08-03 | 9.1 Critical |
| PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. | ||||
| CVE-2022-21711 | 1 Elfspirit Project | 1 Elfspirit | 2024-08-03 | 7.1 High |
| elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue. | ||||
| CVE-2022-21688 | 1 Onionshare | 1 Onionshare | 2024-08-03 | 7.5 High |
| OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing. Roughly 20 bytes lead to 2GB memory consumption and this can be triggered multiple times. To be abused, this vulnerability requires rendering in the history tab, so some user interaction is required. An adversary with knowledge of the Onion service address in public mode or with authentication in private mode can perform a Denial of Service attack, which quickly results in out-of-memory for the server. This requires the desktop application with rendered history, therefore the impact is only elevated. This issue has been patched in version 2.5. | ||||
| CVE-2022-21240 | 1 Intel | 6 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6e Ax211 and 3 more | 2024-08-03 | 4.4 Medium |
| Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2022-21239 | 1 Intel | 1 Quickassist Technology | 2024-08-03 | 5.6 Medium |
| Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-21133 | 1 Intel | 1 Trace Analyzer And Collector | 2024-08-03 | 5.5 Medium |
| Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-21219 | 1 Omron | 1 Cx-programmer | 2024-08-03 | 7.8 High |
| Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | ||||
| CVE-2022-21226 | 1 Intel | 1 Trace Analyzer And Collector | 2024-08-03 | 5.5 Medium |
| Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-20688 | 1 Cisco | 6 Ata 190, Ata 190 Firmware, Ata 191 and 3 more | 2024-08-03 | 5.3 Medium |
| A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition. | ||||