Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30667 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30666 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30651 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-30549 | 1 Fujielectric | 1 V-server | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
|
|||||
| CVE-2022-30546 | 1 Fujielectric | 1 Monitouch V-sft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
|
|||||
| CVE-2022-30531 | 2 Intel, Microsoft | 2 Iris Xe Max Dedicated Graphics, Windows | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access.
|
|||||
| CVE-2022-30339 | 1 Intel | 1 Integrated Sensor Solution | 2024-11-21 | N/A | 6.0 MEDIUM |
|
Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2022-30045 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.
|
|||||
| CVE-2022-2966 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | N/A | 3.3 LOW |
|
Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.
|
|||||
| CVE-2022-2953 | 3 Debian, Libtiff, Netapp | 3 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility | 2024-11-21 | N/A | 5.5 MEDIUM |
|
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.
|
|||||
| CVE-2022-2905 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
|
|||||
| CVE-2022-2869 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2024-11-21 | N/A | 5.5 MEDIUM |
|
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
|
|||||
| CVE-2022-2867 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2024-11-21 | N/A | 5.5 MEDIUM |
|
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
|
|||||
| CVE-2022-2831 | 1 Blender | 1 Blender | 2024-11-21 | N/A | 7.5 HIGH |
|
A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.
|
|||||
| CVE-2022-2816 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
|
|||||
| CVE-2022-2785 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 6.7 MEDIUM |
|
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c
|
|||||
| CVE-2022-2605 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2022-2581 | 1 Vim | 1 Vim | 2024-11-21 | N/A | 7.8 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
|
|||||
| CVE-2022-2469 | 2 Debian, Gnu | 2 Debian Linux, Gnu Sasl | 2024-11-21 | N/A | 3.8 LOW |
|
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
|
|||||
| CVE-2022-2301 | 1 Chafa Project | 1 Chafa | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.
|
|||||
| CVE-2022-2287 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
|
|||||
| CVE-2022-2286 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
|
|||||
| CVE-2022-2257 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
|
|||||
| CVE-2022-2206 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-2183 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-2175 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-2127 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
|
|||||
| CVE-2022-2126 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-2124 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-2010 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 9.3 CRITICAL |
|
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2022-29537 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.
|
|||||
| CVE-2022-29506 | 1 Fujielectric | 2 V-server, V-sft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
|
|||||
| CVE-2022-29488 | 1 Hornerautomation | 1 Cscape | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2022-29368 | 1 Moddable | 1 Moddable | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c.
|
|||||
| CVE-2022-28857 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28856 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28855 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28854 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28850 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-28832 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||