Total
9629 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-125007 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
CVE-2022-0100 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-46635 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15507. | |||||
CVE-2021-46640 | 1 Bentley | 2 Microstation, View | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15512. | |||||
CVE-2021-1942 | 1 Qualcomm | 222 Aqt1000, Aqt1000 Firmware, Ar8031 and 219 more | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2022-29642 | 1 Totolink | 2 A3100r, A3100r Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
CVE-2022-26738 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-39814 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216792660References: N/A | |||||
CVE-2022-28821 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2014-125008 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
CVE-2022-27292 | 1 Dlink | 2 Dir-619, Dir-619 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. | |||||
CVE-2022-23676 | 1 Arubanetworks | 22 2530, 2530 Firmware, 2540 and 19 more | 2023-12-10 | 9.3 HIGH | 9.8 CRITICAL |
A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities. | |||||
CVE-2022-28874 | 4 Apple, F-secure, Microsoft and 1 more | 7 Macos, Atlant, Elements Endpoint Protection and 4 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
CVE-2022-22636 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-23985 | 1 Fatek | 1 Fvdesigner | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. | |||||
CVE-2022-28234 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a heap-based buffer overflow vulnerability due to insecure handling of a crafted .pdf file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file | |||||
CVE-2022-20030 | 2 Google, Mediatek | 17 Android, Mt6781, Mt6785 and 14 more | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837793; Issue ID: ALPS05837793. | |||||
CVE-2020-13495 | 2 Apple, Pixar | 2 Mac Os X, Openusd | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file. | |||||
CVE-2021-4093 | 4 Canonical, Fedoraproject, Linux and 1 more | 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario. | |||||
CVE-2022-20209 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-207502397 |