Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20095 | 2 Google, Mediatek | 12 Android, Mt6771, Mt6779 and 9 more | 2022-05-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479763. | |||||
| CVE-2022-1403 | 1 Deltaww | 1 Asda Soft | 2022-05-10 | 6.8 MEDIUM | 7.8 HIGH |
| ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. | |||||
| CVE-2022-23400 | 1 Accusoft | 1 Imagegear | 2022-05-09 | 5.8 MEDIUM | 7.1 HIGH |
| A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-20087 | 2 Google, Mediatek | 7 Android, Mt6833, Mt6853 and 4 more | 2022-05-09 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970. | |||||
| CVE-2022-28561 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-05-09 | 10.0 HIGH | 9.8 CRITICAL |
| There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload | |||||
| CVE-2021-3721 | 1 Lenovo | 1 Pcmanager | 2022-05-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | |||||
| CVE-2022-22323 | 2 Ibm, Microsoft | 2 Security Verify Password Synchronization, Active Directory | 2022-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. | |||||
| CVE-2022-22312 | 2 Ibm, Microsoft | 2 Security Verify Password Synchronization, Active Directory | 2022-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. | |||||
| CVE-2022-28085 | 1 Htmldoc Project | 1 Htmldoc | 2022-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). | |||||
| CVE-2022-27135 | 1 Xpdfreader | 1 Xpdf | 2022-05-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. | |||||
| CVE-2022-29077 | 1 Ripple | 1 Rippled | 2022-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat. | |||||
| CVE-2022-1437 | 1 Radare | 1 Radare2 | 2022-05-03 | 5.8 MEDIUM | 7.1 HIGH |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. | |||||
| CVE-2021-38499 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93. | |||||
| CVE-2020-20245 | 1 Mikrotik | 1 Routeros | 2022-05-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. | |||||
| CVE-2020-11182 | 1 Qualcomm | 536 Aqt1000, Aqt1000 Firmware, Pm3003a and 533 more | 2022-05-03 | 10.0 HIGH | 9.8 CRITICAL |
| Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-20227 | 1 Mikrotik | 1 Routeros | 2022-05-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. | |||||
| CVE-2021-29966 | 1 Mozilla | 1 Firefox | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. | |||||
| CVE-2021-23964 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | |||||
| CVE-2020-20236 | 1 Mikrotik | 1 Routeros | 2022-05-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. | |||||
| CVE-2021-30665 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||