Total
12594 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-39131 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | ||||
CVE-2022-38690 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | ||||
CVE-2022-38161 | 1 Gumstix | 1 Overo Sbc | 2024-08-03 | 7.5 High |
The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA. | ||||
CVE-2022-38105 | 1 Asus | 2 Rt-ax82u, Rt-ax82u Firmware | 2024-08-03 | 7.5 High |
An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. | ||||
CVE-2022-37770 | 1 Jpeg | 1 Libjpeg | 2024-08-03 | 6.5 Medium |
libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
CVE-2022-37769 | 1 Jpeg | 1 Libjpeg | 2024-08-03 | 6.5 Medium |
libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
CVE-2022-37434 | 7 Apple, Debian, Fedoraproject and 4 more | 24 Ipados, Iphone Os, Macos and 21 more | 2024-08-03 | 9.8 Critical |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | ||||
CVE-2022-37331 | 1 Openbabel | 1 Open Babel | 2024-08-03 | 7.3 High |
An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2022-37302 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-08-03 | 5.5 Medium |
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior). | ||||
CVE-2022-35911 | 1 Patlite | 4 Nhl-fb2, Nhl-fb2 Firmware, Nhp-fb2 and 1 more | 2024-08-03 | 7.5 High |
On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. NOTE: the vendor's perspective is that "omitting the query string does not cause a denial of service and the indicated event can not be reproduced." | ||||
CVE-2022-36763 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-08-03 | 7 High |
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | ||||
CVE-2022-36765 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-08-03 | 7 High |
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | ||||
CVE-2022-36372 | 1 Intel | 68 Nuc 8 Compute Element Cm8ccb4r, Nuc 8 Compute Element Cm8ccb4r Firmware, Nuc 8 Compute Element Cm8i3cb4n and 65 more | 2024-08-03 | 7.5 High |
Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-36086 | 1 Rust-osdev | 1 Linked-list-allocator | 2024-08-03 | 8.4 High |
linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size_of::<usize>` because of metadata write operations. This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than `3 * size_of::<usize>` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::<usize>()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size_of::<usize>()`. | ||||
CVE-2022-35486 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. | ||||
CVE-2022-35014 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-08-03 | 5.5 Medium |
Advancecomp v2.3 contains a segmentation fault. | ||||
CVE-2022-35018 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-08-03 | 5.5 Medium |
Advancecomp v2.3 was discovered to contain a segmentation fault. | ||||
CVE-2022-35019 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-08-03 | 5.5 Medium |
Advancecomp v2.3 was discovered to contain a segmentation fault. | ||||
CVE-2022-34841 | 1 Intel | 1 Media Software Development Kit | 2024-08-03 | 5.7 Medium |
Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-34503 | 1 Qpdf Project | 1 Qpdf | 2024-08-03 | 6.5 Medium |
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |