Total
4813 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41318 | 1 Squid-cache | 1 Squid | 2023-01-04 | N/A | 7.5 HIGH |
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7. | |||||
CVE-2022-28228 | 1 Ydb | 1 Ydb | 2023-01-04 | N/A | 9.1 CRITICAL |
Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash. | |||||
CVE-2022-3266 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 5.5 MEDIUM |
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | |||||
CVE-2022-47940 | 1 Linux | 1 Linux Kernel | 2022-12-30 | N/A | 8.1 HIGH |
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write. | |||||
CVE-2022-43596 | 1 Openimageio Project | 1 Openimageio | 2022-12-29 | N/A | 5.9 MEDIUM |
An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2022-41649 | 1 Openimageio Project | 1 Openimageio | 2022-12-29 | N/A | 9.1 CRITICAL |
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-22742 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-29 | N/A | 6.5 MEDIUM |
When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
CVE-2022-42946 | 1 Autodesk | 1 Maya | 2022-12-28 | N/A | 7.1 HIGH |
Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
CVE-2022-43592 | 1 Openimageio Project | 1 Openimageio | 2022-12-28 | N/A | 5.9 MEDIUM |
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability. | |||||
CVE-2022-44940 | 1 Patchelf Project | 1 Patchelf | 2022-12-27 | N/A | 9.1 CRITICAL |
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. | |||||
CVE-2022-2966 | 1 Deltaww | 1 Dopsoft | 2022-12-27 | N/A | 7.5 HIGH |
Out-of-bounds Read vulnerability in Delta Electronics DOPSoft. This issue affects DOPSoft: All Versions. | |||||
CVE-2022-46320 | 1 Huawei | 2 Emui, Harmonyos | 2022-12-23 | N/A | 9.8 CRITICAL |
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. | |||||
CVE-2022-46317 | 1 Huawei | 2 Emui, Harmonyos | 2022-12-23 | N/A | 7.5 HIGH |
The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. | |||||
CVE-2022-31630 | 1 Php | 1 Php | 2022-12-23 | N/A | 7.1 HIGH |
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. | |||||
CVE-2022-35263 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_file/` API. | |||||
CVE-2022-35262 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_xml_file/` API. | |||||
CVE-2022-35266 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_firmware/` API. | |||||
CVE-2022-35264 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_aaa_cert_file/` API. | |||||
CVE-2022-35261 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_authorized_keys/` API. | |||||
CVE-2022-42532 | 1 Google | 1 Android | 2022-12-21 | N/A | 4.4 MEDIUM |
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242332610. References: N/A |