Total: 13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32491 | 1 Dell | 580 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 577 more | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.
|
|||||
| CVE-2022-32455 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | N/A | 7.5 HIGH |
|
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2022-30938 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Ip Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manipulating a specific argument. This coul ...
|
|||||
| CVE-2022-30937 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the ...
|
|||||
| CVE-2022-2964 | 3 Linux, Netapp, Redhat | 12 Linux Kernel, H300s, H300s Firmware and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
|
|||||
| CVE-2022-2947 | 1 Altair | 1 Hyperview Player | 2024-11-21 | N/A | 7.8 HIGH |
|
Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.
|
|||||
| CVE-2022-29510 | 1 Intel | 72 Compute Module Hns2600bp, Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb and 69 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-29503 | 3 Anker, Uclibc, Uclibc-ng Project | 4 Eufy Homebase 2, Eufy Homebase 2 Firmware, Uclibc and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
|
|||||
| CVE-2022-29465 | 1 Accusoft | 1 Imagegear | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2022-28200 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
|
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.
|
|||||
| CVE-2022-28194 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
|
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality.
|
|||||
| CVE-2022-27879 | 1 Intel | 142 Atom X5-e3930, Atom X5-e3930 Firmware, Atom X5-e3940 and 139 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
|
|||||
| CVE-2022-25959 | 1 Omron | 1 Cx-position | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2022-25818 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
|
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.
|
|||||
| CVE-2022-25713 | 1 Qualcomm | 110 Ar8035, Ar8035 Firmware, Qam8295p and 107 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key.
|
|||||
| CVE-2022-25709 | 1 Qualcomm | 136 Ar8035, Ar8035 Firmware, Qca6174a and 133 more | 2024-11-21 | N/A | 8.4 HIGH |
|
Memory corruption in modem due to use of out of range pointer offset while processing qmi msg
|
|||||
| CVE-2022-25694 | 1 Qualcomm | 416 Apq8009, Apq8009 Firmware, Apq8009w and 413 more | 2024-11-21 | N/A | 8.4 HIGH |
|
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
|
|||||
| CVE-2022-25658 | 1 Qualcomm | 289 Apq8009, Apq8009 Firmware, Apq8009w and 286 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
|
|||||
| CVE-2022-25310 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
|
|||||
| CVE-2022-24939 | 1 Silabs | 2 Gecko Software Development Kit, Zigbee Emberznet | 2024-11-21 | N/A | 5.7 MEDIUM |
|
A malformed packet containing an invalid destination address causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
|
|||||
| CVE-2022-24938 | 1 Silabs | 1 Emberznet | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
|
|||||
| CVE-2022-24937 | 1 Silabs | 1 Emberznet | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.
|
|||||
| CVE-2022-24936 | 1 Silabs | 1 Gecko Bootloader | 2024-11-21 | N/A | 8.3 HIGH |
|
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.
|
|||||
| CVE-2022-24788 | 1 Vyperlang | 1 Vyper | 2024-11-21 | 7.5 HIGH | 7.1 HIGH |
|
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.
|
|||||
| CVE-2022-24661 | 1 Siemens | 1 Simcenter Star-ccm+ Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process.
|
|||||
| CVE-2022-24421 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24420 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24419 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24416 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24415 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24322 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior)
|
|||||
| CVE-2022-24063 | 1 Santesoft | 1 Dicom Viewer Pro | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to e ...
|
|||||
| CVE-2022-23523 | 1 Linux-loader Project | 1 Linux-loader | 2024-11-21 | N/A | 4.0 MEDIUM |
|
In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are load ...
|
|||||
| CVE-2022-22716 | 1 Microsoft | 7 365 Apps, Excel, Office and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Microsoft Excel Information Disclosure Vulnerability
|
|||||
| CVE-2022-22558 | 1 Dell | 40 C4130, C4130 Firmware, C6320 and 37 more | 2024-11-21 | 3.6 LOW | 5.7 MEDIUM |
|
Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.
|
|||||
| CVE-2022-22514 | 1 Codesys | 20 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a/imx6 Sl and 17 more | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
|
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
|
|||||
| CVE-2022-22104 | 1 Qualcomm | 38 Apq8096au, Apq8096au Firmware, Msm8996au and 35 more | 2024-11-21 | N/A | 8.4 HIGH |
|
Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto.
|
|||||
| CVE-2022-22098 | 1 Qualcomm | 2 Apq8096au, Apq8096au Firmware | 2024-11-21 | N/A | 8.4 HIGH |
|
Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto
|
|||||
| CVE-2022-21852 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Windows DWM Core Library Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-20947 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | N/A | 8.6 HIGH |
|
A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affect ...
|
|||||