Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26470 | 2 Google, Mediatek | 12 Android, Mt6879, Mt6895 and 9 more | 2022-09-08 | N/A | 6.7 MEDIUM |
| In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07116037; Issue ID: ALPS07116037. | |||||
| CVE-2022-26468 | 2 Google, Mediatek | 45 Android, Mt6735, Mt6739 and 42 more | 2022-09-08 | N/A | 6.6 MEDIUM |
| In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07168125; Issue ID: ALPS07168125. | |||||
| CVE-2022-26467 | 2 Google, Mediatek | 38 Android, Mt6580, Mt6735 and 35 more | 2022-09-08 | N/A | 6.7 MEDIUM |
| In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07167738; Issue ID: ALPS07167738. | |||||
| CVE-2022-1888 | 1 Fujielectric | 2 Alpha7 Pc Loader, Alpha7 Pc Loader Firmware | 2022-09-07 | N/A | 7.8 HIGH |
| Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-1841 | 1 Zephyrproject | 1 Zephyr | 2022-09-07 | N/A | 5.3 MEDIUM |
| In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. | |||||
| CVE-2022-36054 | 1 Contiki-ng | 1 Contiki-ng | 2022-09-07 | N/A | 8.8 HIGH |
| Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker. | |||||
| CVE-2022-2044 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2022-09-06 | N/A | 8.2 HIGH |
| MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. | |||||
| CVE-2022-2043 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2022-09-06 | N/A | 7.5 HIGH |
| MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. | |||||
| CVE-2022-1115 | 1 Imagemagick | 1 Imagemagick | 2022-09-06 | N/A | 5.5 MEDIUM |
| A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. | |||||
| CVE-2020-7248 | 1 Openwrt | 1 Openwrt | 2022-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | |||||
| CVE-2022-2896 | 1 Measuresoft | 1 Scadapro Server | 2022-09-02 | N/A | 7.8 HIGH |
| Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. | |||||
| CVE-2022-2892 | 1 Measuresoft | 1 Scadapro Server | 2022-09-02 | N/A | 7.8 HIGH |
| Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. | |||||
| CVE-2022-36571 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 7.2 HIGH |
| Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. | |||||
| CVE-2022-36570 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 7.2 HIGH |
| Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. | |||||
| CVE-2022-36569 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 8.8 HIGH |
| Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. | |||||
| CVE-2022-2866 | 1 Fatek | 1 Fvdesigner | 2022-09-02 | N/A | 7.8 HIGH |
| FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. | |||||
| CVE-2022-36568 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 8.8 HIGH |
| Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. | |||||
| CVE-2020-15306 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-09-02 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | |||||
| CVE-2022-2831 | 1 Blender | 1 Blender | 2022-09-01 | N/A | 7.5 HIGH |
| A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption. | |||||
| CVE-2022-2915 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2022-09-01 | N/A | 8.8 HIGH |
| A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. | |||||