Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25732 | 1 Qualcomm | 66 Ar8031, Ar8031 Firmware, Csra6620 and 63 more | 2023-02-21 | N/A | 7.5 HIGH |
| Information disclosure in modem due to buffer over read in dns client due to missing length check | |||||
| CVE-2022-25728 | 1 Qualcomm | 68 Ar8031, Ar8031 Firmware, Csra6620 and 65 more | 2023-02-21 | N/A | 7.5 HIGH |
| Information disclosure in modem due to buffer over-read while processing response from DNS server | |||||
| CVE-2022-33306 | 1 Qualcomm | 262 Ar8035, Ar8035 Firmware, Ar9380 and 259 more | 2023-02-21 | N/A | 7.5 HIGH |
| Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs. | |||||
| CVE-2022-34145 | 1 Qualcomm | 188 Csr8811, Csr8811 Firmware, Ipq5010 and 185 more | 2023-02-21 | N/A | 7.5 HIGH |
| Transient DOS due to buffer over-read in WLAN Host while parsing frame information. | |||||
| CVE-2022-33271 | 1 Qualcomm | 490 Apq8096au, Apq8096au Firmware, Aqt1000 and 487 more | 2023-02-21 | N/A | 7.5 HIGH |
| Information disclosure due to buffer over-read in WLAN while parsing NMF frame. | |||||
| CVE-2022-33229 | 1 Qualcomm | 42 Ar8031, Ar8031 Firmware, Csra6620 and 39 more | 2023-02-21 | N/A | 7.5 HIGH |
| Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets. | |||||
| CVE-2022-33221 | 1 Qualcomm | 28 Sd 8 Gen1 5g, Sd 8 Gen1 5g Firmware, Ssg2115p and 25 more | 2023-02-21 | N/A | 5.5 MEDIUM |
| Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests. | |||||
| CVE-2022-25738 | 1 Qualcomm | 70 Ar8031, Ar8031 Firmware, Csra6620 and 67 more | 2023-02-21 | N/A | 7.5 HIGH |
| Information disclosure in modem due to buffer over-red while performing checksum of packet received | |||||
| CVE-2023-21430 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 7.8 HIGH |
| An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. | |||||
| CVE-2020-12403 | 1 Mozilla | 1 Nss | 2023-02-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. | |||||
| CVE-2018-25009 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2023-02-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | |||||
| CVE-2019-13222 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2023-02-16 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. | |||||
| CVE-2022-48293 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 6.5 MEDIUM |
| The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48292 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 6.5 MEDIUM |
| The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-21711 | 1 Elfspirit Project | 1 Elfspirit | 2023-02-16 | 5.8 MEDIUM | 7.1 HIGH |
| elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue. | |||||
| CVE-2022-47943 | 1 Linux | 1 Linux Kernel | 2023-02-16 | N/A | 8.1 HIGH |
| An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. | |||||
| CVE-2019-13331 | 2 Foxitsoftware, Microsoft | 2 Reader, Windows | 2023-02-15 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8838. | |||||
| CVE-2019-13326 | 2 Foxitsoftware, Microsoft | 2 Reader, Windows | 2023-02-15 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8864. | |||||
| CVE-2019-13325 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2023-02-15 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922. | |||||
| CVE-2019-13324 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2023-02-15 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782. | |||||