Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19953 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2022-10-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. | |||||
| CVE-2021-27606 | 1 Sap | 1 Netweaver As Abap | 2022-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27597 | 1 Sap | 1 Netweaver Abap | 2022-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27629 | 1 Sap | 1 Netweaver As Abap | 2022-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2022-2124 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-10-31 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2126 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-10-31 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-38436 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-10-31 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-2605 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
| Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-40320 | 2 Fedoraproject, Libconfuse Project | 2 Fedora, Libconfuse | 2022-10-27 | N/A | 8.8 HIGH |
| cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. | |||||
| CVE-2022-34465 | 1 Siemens | 2 Parasolid, Simcenter Femap | 2022-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15420) | |||||
| CVE-2022-39836 | 1 Genivi | 1 Diagnostic Log And Trace | 2022-10-27 | N/A | 5.5 MEDIUM |
| An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. | |||||
| CVE-2021-34307 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-10-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343) | |||||
| CVE-2020-21535 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2022-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. | |||||
| CVE-2022-1858 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.5 MEDIUM |
| Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. | |||||
| CVE-2020-23915 | 1 Cpp-peglib Project | 1 Cpp-peglib | 2022-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read. | |||||
| CVE-2020-23921 | 1 Fast Ber Project | 1 Fast Ber | 2022-10-26 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read. | |||||
| CVE-2020-24119 | 2 Fedoraproject, Upx Project | 2 Fedora, Upx | 2022-10-26 | 5.8 MEDIUM | 7.1 HIGH |
| A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. | |||||
| CVE-2020-23928 | 1 Gpac | 1 Gpac | 2022-10-26 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||||
| CVE-2022-2010 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-26 | N/A | 9.3 CRITICAL |
| Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-23922 | 2 Apache, Giflib Project | 2 Bookkeeper, Giflib | 2022-10-26 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. | |||||