Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22738 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-29 | N/A | 8.8 HIGH |
| Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2022-3775 | 2 Gnu, Redhat | 2 Grub2, Enterprise Linux | 2022-12-28 | N/A | 7.1 HIGH |
| When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. | |||||
| CVE-2022-42947 | 1 Autodesk | 1 Maya | 2022-12-28 | N/A | 7.8 HIGH |
| A maliciously crafted X_B file when parsed through Autodesk Maya 2023 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution. | |||||
| CVE-2022-44108 | 1 Pdftojson Project | 1 Pdftojson | 2022-12-27 | N/A | 9.8 CRITICAL |
| pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc. | |||||
| CVE-2022-44109 | 1 Pdftojson Project | 1 Pdftojson | 2022-12-27 | N/A | 9.8 CRITICAL |
| pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int). | |||||
| CVE-2022-43289 | 1 Entropymine | 1 Deark | 2022-12-24 | N/A | 7.8 HIGH |
| Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at /modules/atari-img.c. | |||||
| CVE-2022-46323 | 1 Huawei | 2 Emui, Harmonyos | 2022-12-23 | N/A | 9.8 CRITICAL |
| Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. | |||||
| CVE-2022-46322 | 1 Huawei | 2 Emui, Harmonyos | 2022-12-23 | N/A | 7.5 HIGH |
| Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | |||||
| CVE-2022-46325 | 1 Huawei | 2 Emui, Harmonyos | 2022-12-23 | N/A | 9.8 CRITICAL |
| Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. | |||||
| CVE-2022-46326 | 1 Huawei | 2 Emui, Harmonyos | 2022-12-23 | N/A | 9.8 CRITICAL |
| Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | |||||
| CVE-2022-46324 | 1 Huawei | 2 Emui, Harmonyos | 2022-12-23 | N/A | 9.8 CRITICAL |
| Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | |||||
| CVE-2022-46319 | 1 Huawei | 2 Emui, Harmonyos | 2022-12-23 | N/A | 9.8 CRITICAL |
| Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write. | |||||
| CVE-2020-3118 | 1 Cisco | 37 Asr 9000, Asr 9000v, Asr 9001 and 34 more | 2022-12-23 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2019-15692 | 2 Opensuse, Tigervnc | 2 Leap, Tigervnc | 2022-12-22 | 6.5 MEDIUM | 7.2 HIGH |
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2022-47517 | 1 Drachtio | 1 Drachtio-server | 2022-12-22 | N/A | 7.5 HIGH |
| An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error. | |||||
| CVE-2022-41992 | 1 Poweriso | 1 Poweriso | 2022-12-22 | N/A | 7.8 HIGH |
| A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability. | |||||
| CVE-2022-46109 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2022-12-21 | N/A | 7.5 HIGH |
| Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. | |||||
| CVE-2022-42542 | 1 Google | 1 Android | 2022-12-21 | N/A | 6.7 MEDIUM |
| In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184 | |||||
| CVE-2022-42501 | 1 Google | 1 Android | 2022-12-21 | N/A | 6.7 MEDIUM |
| In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A | |||||
| CVE-2022-42502 | 1 Google | 1 Android | 2022-12-21 | N/A | 6.7 MEDIUM |
| In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231970References: N/A | |||||