Total
2024 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-38672 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
CVE-2022-38750 | 3 Debian, Redhat, Snakeyaml Project | 9 Debian Linux, Amq Broker, Camel Spring Boot and 6 more | 2024-08-03 | 6.5 Medium |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | ||||
CVE-2022-36063 | 1 Microsoft | 1 Azure Rtos Usbx | 2024-08-03 | 7.6 High |
Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function which may be potentially exploited to achieve remote code execution or denial of service. Setting mac address string descriptor length to a `0` or `1` allows an attacker to introduce an integer underflow followed (string_length) by a buffer overflow of the `cdc_ecm -> ux_host_class_cdc_ecm_node_id` array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). Improved mac address string descriptor length validation to check for unexpectedly small values may be used as a workaround. | ||||
CVE-2022-35867 | 1 Xhyve Project | 1 Xhyve | 2024-08-03 | 6.7 Medium |
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056. | ||||
CVE-2022-35299 | 1 Sap | 2 Sap Iq, Sql Anywhere | 2024-08-03 | 9.8 Critical |
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | ||||
CVE-2022-35260 | 4 Apple, Haxx, Netapp and 1 more | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2024-08-03 | 6.5 Medium |
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | ||||
CVE-2022-34884 | 1 Lenovo | 196 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 193 more | 2024-08-03 | 7.2 High |
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. | ||||
CVE-2022-34526 | 4 Debian, Fedoraproject, Libtiff and 1 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-08-03 | 6.5 Medium |
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. | ||||
CVE-2022-34667 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2024-08-03 | 4.4 Medium |
NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. | ||||
CVE-2022-34403 | 1 Dell | 166 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 163 more | 2024-08-03 | 7.5 High |
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. | ||||
CVE-2022-34401 | 1 Dell | 6 Alienware M15 A6, Alienware M15 A6 Firmware, Alienware M17 R5 and 3 more | 2024-08-03 | 7.5 High |
Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM. | ||||
CVE-2022-33871 | 1 Fortinet | 1 Fortiweb | 2024-08-03 | 6.3 Medium |
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations. | ||||
CVE-2022-33264 | 1 Qualcomm | 515 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8953pro and 512 more | 2024-08-03 | 7.9 High |
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | ||||
CVE-2022-33260 | 1 Qualcomm | 92 Aqt1000, Aqt1000 Firmware, Qam8295p and 89 more | 2024-08-03 | 5.9 Medium |
Memory corruption due to stack based buffer overflow in core while sending command from USB of large size. | ||||
CVE-2022-33279 | 1 Qualcomm | 148 Ar9380, Ar9380 Firmware, Csr8811 and 145 more | 2024-08-03 | 9.8 Critical |
Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length. | ||||
CVE-2022-33213 | 1 Qualcomm | 418 Apq8009, Apq8009 Firmware, Apq8009w and 415 more | 2024-08-03 | 7.5 High |
Memory corruption in modem due to buffer overflow while processing a PPP packet | ||||
CVE-2022-32502 | 2024-08-03 | 6.3 Medium | ||
An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | ||||
CVE-2022-30306 | 1 Fortinet | 1 Fortiweb | 2024-08-03 | 6.3 Medium |
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password. | ||||
CVE-2022-28772 | 1 Sap | 2 Netweaver, Web Dispatcher | 2024-08-03 | 7.5 High |
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. | ||||
CVE-2022-28304 | 1 Bentley | 2 Microstation, View | 2024-08-03 | 7.8 High |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16171. |