Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33309 | 1 Qualcomm | 130 Csr8811, Csr8811 Firmware, Ipq5010 and 127 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.
|
|||||
| CVE-2022-33306 | 1 Qualcomm | 262 Ar8035, Ar8035 Firmware, Ar9380 and 259 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.
|
|||||
| CVE-2022-33297 | 1 Qualcomm | 20 Qca6310, Qca6310 Firmware, Qca6320 and 17 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Information disclosure due to buffer overread in Linux sensors
|
|||||
| CVE-2022-33295 | 1 Qualcomm | 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
|
|||||
| CVE-2022-33291 | 1 Qualcomm | 78 9205 Lte Modem, 9205 Lte Modem Firmware, 9206 Lte Modem and 75 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.
|
|||||
| CVE-2022-33287 | 1 Qualcomm | 78 9205 Lte Modem, 9205 Lte Modem Firmware, 9206 Lte Modem and 75 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
|
|||||
| CVE-2022-33273 | 1 Qualcomm | 198 Aqt1000, Aqt1000 Firmware, Ar8035 and 195 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation.
|
|||||
| CVE-2022-33271 | 1 Qualcomm | 490 Apq8096au, Apq8096au Firmware, Aqt1000 and 487 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Information disclosure due to buffer over-read in WLAN while parsing NMF frame.
|
|||||
| CVE-2022-33258 | 1 Qualcomm | 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Information disclosure due to buffer over-read in modem while reading configuration parameters.
|
|||||
| CVE-2022-33229 | 1 Qualcomm | 42 Ar8031, Ar8031 Firmware, Csra6620 and 39 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.
|
|||||
| CVE-2022-33228 | 1 Qualcomm | 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.
|
|||||
| CVE-2022-33222 | 1 Qualcomm | 26 Mdm8207, Mdm8207 Firmware, Mdm9205 and 23 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
|
|||||
| CVE-2022-33221 | 1 Qualcomm | 28 Sd 8 Gen1 5g Firmware, Sm8475, Ssg2115p and 25 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests.
|
|||||
| CVE-2022-33220 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Qam8295p and 87 more | 2024-11-21 | N/A | 5.1 MEDIUM |
|
Information disclosure in Automotive multimedia due to buffer over-read.
|
|||||
| CVE-2022-33021 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30.
|
|||||
| CVE-2022-32830 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2024-11-21 | N/A | 7.5 HIGH |
|
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information.
|
|||||
| CVE-2022-32745 | 1 Samba | 1 Samba | 2024-11-21 | N/A | 8.1 HIGH |
|
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
|
|||||
| CVE-2022-32325 | 2 Fedoraproject, Jpegoptim Project | 2 Fedora, Jpegoptim | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.
|
|||||
| CVE-2022-32200 | 1 Libdwarf Project | 1 Libdwarf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.
|
|||||
| CVE-2022-32141 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.
|
|||||
| CVE-2022-32139 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.
|
|||||
| CVE-2022-31796 | 1 Jpeg | 1 Libjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.
|
|||||
| CVE-2022-31630 | 1 Php | 1 Php | 2024-11-21 | N/A | 6.5 MEDIUM |
|
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
|
|||||
| CVE-2022-31617 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
|
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
|
|||||
| CVE-2022-31616 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure.
|
|||||
| CVE-2022-31612 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2024-11-21 | N/A | 7.1 HIGH |
|
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information.
|
|||||
| CVE-2022-31212 | 1 Dbus-broker Project | 1 Dbus-broker | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.
|
|||||
| CVE-2022-31045 | 1 Istio | 1 Istio | 2024-11-21 | 7.5 HIGH | 7.0 HIGH |
|
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.
|
|||||
| CVE-2022-31002 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue.
|
|||||
| CVE-2022-31001 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue.
|
|||||
| CVE-2022-30976 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
|
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
|
|||||
| CVE-2022-30702 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.
|
|||||
| CVE-2022-30676 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30675 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30674 | 4 Adobe, Apple, Fedoraproject and 1 more | 4 Indesign, Macos, Fedora and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30673 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30672 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30671 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30669 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30668 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||