Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2301 | 1 Chafa Project | 1 Chafa | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. | |||||
| CVE-2020-11899 | 1 Treck | 1 Tcp\/ip | 2022-07-10 | 4.8 MEDIUM | 5.4 MEDIUM |
| The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | |||||
| CVE-2021-1111 | 1 Nvidia | 5 Jetson Agx Xavier, Jetson Linux, Jetson Tx2 and 2 more | 2022-07-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components. | |||||
| CVE-2022-33021 | 1 Openhwgroup | 1 Cva6 | 2022-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30. | |||||
| CVE-2021-33650 | 1 Mindspore | 1 Mindspore | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers. | |||||
| CVE-2021-33649 | 1 Mindspore | 1 Mindspore | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers. | |||||
| CVE-2021-33648 | 1 Mindspore | 1 Mindspore | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers. | |||||
| CVE-2020-11045 | 3 Canonical, Debian, Freerdp | 3 Ubuntu Linux, Debian Linux, Freerdp | 2022-07-01 | 4.9 MEDIUM | 3.3 LOW |
| In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. | |||||
| CVE-2020-11042 | 3 Canonical, Debian, Freerdp | 3 Ubuntu Linux, Debian Linux, Freerdp | 2022-07-01 | 4.9 MEDIUM | 5.9 MEDIUM |
| In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. | |||||
| CVE-2020-11048 | 3 Canonical, Debian, Freerdp | 3 Ubuntu Linux, Debian Linux, Freerdp | 2022-07-01 | 3.5 LOW | 2.2 LOW |
| In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. | |||||
| CVE-2020-11049 | 2 Canonical, Freerdp | 2 Ubuntu Linux, Freerdp | 2022-07-01 | 3.5 LOW | 2.2 LOW |
| In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. | |||||
| CVE-2020-11040 | 2 Freerdp, Opensuse | 2 Freerdp, Leap | 2022-07-01 | 4.0 MEDIUM | 2.7 LOW |
| In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. | |||||
| CVE-2020-11043 | 2 Freerdp, Opensuse | 2 Freerdp, Leap | 2022-07-01 | 5.0 MEDIUM | 2.7 LOW |
| In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. | |||||
| CVE-2022-32139 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2022-07-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required. | |||||
| CVE-2020-7059 | 5 Debian, Opensuse, Oracle and 2 more | 5 Debian Linux, Leap, Communications Diameter Signaling Router and 2 more | 2022-07-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2020-7060 | 5 Debian, Opensuse, Oracle and 2 more | 5 Debian Linux, Leap, Communications Diameter Signaling Router and 2 more | 2022-07-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2022-34300 | 1 Tinyexr Project | 1 Tinyexr | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData. | |||||
| CVE-2022-34299 | 1 Libdwarf Project | 1 Libdwarf | 2022-06-29 | 5.8 MEDIUM | 8.1 HIGH |
| There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b. | |||||
| CVE-2020-13496 | 2 Apple, Pixar | 2 Macos, Openusd | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2022-27869 | 1 Autodesk | 1 Autocad | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code. | |||||