Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21843 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-21838 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-21839 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2022-34502 | 1 Radare | 1 Radare2 | 2022-07-28 | N/A | 5.5 MEDIUM |
| Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file. | |||||
| CVE-2022-30938 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Ip Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more | 2022-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manupulating a specific argument. This could allow an attacker to crash the affected application leading to a denial of service condition | |||||
| CVE-2022-20238 | 1 Google | 1 Android | 2022-07-26 | 10.0 HIGH | 9.8 CRITICAL |
| 'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555 | |||||
| CVE-2022-20236 | 1 Google | 1 Android | 2022-07-25 | 7.8 HIGH | 7.5 HIGH |
| A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709 | |||||
| CVE-2020-23563 | 1 Irfanview | 1 Irfanview | 2022-07-22 | N/A | 5.5 MEDIUM |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba. | |||||
| CVE-2022-34764 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2022-07-21 | N/A | 7.5 HIGH |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | |||||
| CVE-2021-21832 | 1 Disc-soft | 1 Daemon Tools | 2022-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2016-1283 | 4 Fedoraproject, Oracle, Pcre and 1 more | 4 Fedora, Solaris, Pcre and 1 more | 2022-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2016-4544 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Leap and 2 more | 2022-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. | |||||
| CVE-2016-7480 | 2 Netapp, Php | 2 Clustered Data Ontap, Php | 2022-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | |||||
| CVE-2022-31620 | 1 Libjpeg Project | 1 Libjpeg | 2022-07-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. | |||||
| CVE-2022-34287 | 1 Siemens | 1 Pads Viewer | 2022-07-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-052, FG-VD-22-056) | |||||
| CVE-2022-34290 | 1 Siemens | 1 Pads Viewer | 2022-07-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-055) | |||||
| CVE-2022-34291 | 1 Siemens | 1 Pads Viewer | 2022-07-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-057, FG-VD-22-058, FG-VD-22-060) | |||||
| CVE-2021-44975 | 1 Radare | 1 Radare2 | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. | |||||
| CVE-2021-30666 | 1 Apple | 1 Iphone Os | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2020-29557 | 1 D-link | 6 Dir-825, Dir-825\/a, Dir-825\/ac and 3 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. | |||||