Search
Total
3972 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3040 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 8.8 HIGH |
| Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-32047 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. | |||||
| CVE-2022-33218 | 1 Qualcomm | 48 Apq8064au, Apq8064au Firmware, Apq8096au and 45 more | 2023-08-08 | N/A | 7.8 HIGH |
| Memory corruption in Automotive due to improper input validation. | |||||
| CVE-2022-37969 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-22610 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2023-08-08 | N/A | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution. | |||||
| CVE-2022-33300 | 1 Qualcomm | 102 Qam8295p, Qam8295p Firmware, Qca6174a and 99 more | 2023-08-08 | N/A | 7.8 HIGH |
| Memory corruption in Automotive Android OS due to improper input validation. | |||||
| CVE-2022-36482 | 1 Totolink | 2 N350rt, N350rt Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg. | |||||
| CVE-2022-32048 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. | |||||
| CVE-2021-26384 | 1 Amd | 104 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 101 more | 2023-08-08 | N/A | 7.8 HIGH |
| A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. | |||||
| CVE-2022-22764 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-08-08 | N/A | 8.8 HIGH |
| Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | |||||
| CVE-2022-32046 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. | |||||
| CVE-2022-46878 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-08-08 | N/A | 8.8 HIGH |
| Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. | |||||
| CVE-2022-22100 | 1 Qualcomm | 34 Apq8096au, Apq8096au Firmware, Qam8295p and 31 more | 2023-08-08 | N/A | 7.8 HIGH |
| Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto | |||||
| CVE-2022-31696 | 1 Vmware | 2 Cloud Foundation, Esxi | 2023-08-08 | N/A | 8.8 HIGH |
| VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | |||||
| CVE-2021-40161 | 1 Autodesk | 13 Advance Steel, Autocad, Autocad Architecture and 10 more | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. | |||||
| CVE-2022-0797 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||||
| CVE-2022-23095 | 1 Opendesign | 1 Drawings Software Development Kit | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-37014 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to device cannot be used properly. | |||||
| CVE-2022-41073 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | N/A | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-22088 | 1 Qualcomm | 300 Apq8009, Apq8009 Firmware, Apq8009w and 297 more | 2023-08-08 | N/A | 8.8 HIGH |
| Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote | |||||
| CVE-2022-32050 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. | |||||
| CVE-2021-46814 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. | |||||
| CVE-2022-32041 | 1 Tenda | 2 M3, M3 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. | |||||
| CVE-2021-37571 | 1 Mediatek | 14 Mt7603e, Mt7603e Firmware, Mt7613 and 11 more | 2023-08-08 | 9.3 HIGH | 8.8 HIGH |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write). | |||||
| CVE-2022-46879 | 1 Mozilla | 1 Firefox | 2023-08-08 | N/A | 8.8 HIGH |
| Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108. | |||||
| CVE-2022-3602 | 4 Fedoraproject, Netapp, Nodejs and 1 more | 4 Fedora, Clustered Data Ontap, Node.js and 1 more | 2023-08-08 | N/A | 7.5 HIGH |
| A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6). | |||||
| CVE-2022-20203 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-32040 | 1 Tenda | 2 M3, M3 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. | |||||
| CVE-2022-0610 | 1 Google | 1 Chrome | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-32049 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. | |||||
| CVE-2022-41128 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | N/A | 8.8 HIGH |
| Windows Scripting Languages Remote Code Execution Vulnerability | |||||
| CVE-2022-32044 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. | |||||
| CVE-2022-25698 | 1 Qualcomm | 32 Sd429, Sd429 Firmware, Sd 8 Gen1 5g Firmware and 29 more | 2023-08-08 | N/A | 7.8 HIGH |
| Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2021-30807 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2022-32030 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. | |||||
| CVE-2022-25697 | 1 Qualcomm | 32 Sd429, Sd429 Firmware, Sd 8 Gen1 5g Firmware and 29 more | 2023-08-08 | N/A | 7.8 HIGH |
| Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-33183 | 1 Broadcom | 1 Fabric Operating System | 2023-08-08 | N/A | 8.8 HIGH |
| A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands. | |||||
| CVE-2022-3045 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 8.8 HIGH |
| Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-26719 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-08-08 | N/A | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-22080 | 1 Qualcomm | 224 Apq8053, Apq8053 Firmware, Apq8096au and 221 more | 2023-08-08 | N/A | 7.8 HIGH |
| Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2022-0470 | 1 Google | 1 Chrome | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-32635 | 2 Google, Mediatek | 49 Android, Mt6580, Mt6735 and 46 more | 2023-08-08 | N/A | 7.8 HIGH |
| In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573237. | |||||
| CVE-2022-0809 | 1 Google | 1 Chrome | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-32051 | 1 Totolink | 2 T6, T6 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. | |||||
| CVE-2022-26730 | 1 Apple | 1 Macos | 2023-08-08 | N/A | 8.8 HIGH |
| A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2022-42820 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-08-08 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2022-32944 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-08 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-26386 | 1 Amd | 140 Ryzen 3 2200u, Ryzen 3 2200u Firmware, Ryzen 3 2300u and 137 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution. | |||||
| CVE-2021-4100 | 1 Google | 1 Chrome | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-26716 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-08-08 | N/A | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||