Total
351 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34634 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather create an exception. | |||||
| CVE-2022-34641 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation. | |||||
| CVE-2022-34636 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMA violation occurs during address translation. | |||||
| CVE-2021-40391 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2022-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-36128 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. | |||||
| CVE-2021-3127 | 1 Nats | 2 Jwt Library, Nats Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. | |||||
| CVE-2021-28971 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. | |||||
| CVE-2021-38384 | 1 Serverless Offline Project | 1 Serverless Offline | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions). | |||||
| CVE-2020-7693 | 1 Sockjs Project | 1 Sockjs | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. | |||||
| CVE-2021-3433 | 1 Zephyrproject | 1 Zephyr | 2022-07-08 | 2.1 LOW | 3.3 LOW |
| Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp | |||||
| CVE-2022-32990 | 1 Gimp | 1 Gimp | 2022-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). | |||||
| CVE-2022-27872 | 1 Autodesk | 1 Navisworks | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code. | |||||
| CVE-2019-5051 | 4 Canonical, Debian, Libsdl and 1 more | 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | |||||
| CVE-2022-22150 | 1 Foxit | 1 Pdf Reader | 2022-06-16 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2022-30727 | 1 Google | 1 Android | 2022-06-10 | 2.1 LOW | 5.5 MEDIUM |
| Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | |||||
| CVE-2022-30725 | 1 Google | 1 Android | 2022-06-10 | 3.3 LOW | 4.3 MEDIUM |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
| CVE-2022-30723 | 1 Google | 1 Android | 2022-06-10 | 3.3 LOW | 4.3 MEDIUM |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
| CVE-2022-30724 | 1 Google | 1 Android | 2022-06-10 | 3.3 LOW | 4.3 MEDIUM |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
| CVE-2022-30716 | 1 Google | 1 Android | 2022-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. | |||||
| CVE-2019-17195 | 3 Apache, Connect2id, Oracle | 15 Hadoop, Nimbus Jose\+jwt, Communications Cloud Native Core Security Edge Protection Proxy and 12 more | 2022-06-07 | 6.8 MEDIUM | 9.8 CRITICAL |
| Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. | |||||