Total
12110 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41190 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-04 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-25658 | 1 Qualcomm | 289 Apq8009, Apq8009 Firmware, Apq8009w and 286 more | 2024-02-04 | N/A | 9.8 CRITICAL |
Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2022-29279 | 1 Insyde | 1 Kernel | 2024-02-04 | N/A | 8.2 HIGH |
Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062 | |||||
CVE-2022-3550 | 3 Debian, Fedoraproject, X.org | 3 Debian Linux, Fedora, X Server | 2024-02-04 | N/A | 8.8 HIGH |
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. | |||||
CVE-2022-39807 | 1 Sap | 1 3d Visual Enterprise Author | 2024-02-04 | N/A | 5.5 MEDIUM |
Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-37302 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-02-04 | N/A | 5.5 MEDIUM |
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior). | |||||
CVE-2022-22104 | 1 Qualcomm | 38 Apq8096au, Apq8096au Firmware, Msm8996au and 35 more | 2024-02-04 | N/A | 7.8 HIGH |
Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto | |||||
CVE-2022-41175 | 1 Sap | 1 3d Visual Enterprise Author | 2024-02-04 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
CVE-2022-41211 | 1 Sap | 2 3d Visual Enterprise Author, 3d Visual Enterprise Viewer | 2024-02-04 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely.Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured. | |||||
CVE-2022-41188 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-04 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-41174 | 1 Sap | 1 3d Visual Enterprise Author | 2024-02-04 | N/A | 5.5 MEDIUM |
Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-41180 | 1 Sap | 1 3d Visual Enterprise Author | 2024-02-04 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
CVE-2021-22426 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
CVE-2022-22558 | 1 Dell | 40 C4130, C4130 Firmware, C6320 and 37 more | 2024-02-04 | 3.6 LOW | 6.0 MEDIUM |
Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service. | |||||
CVE-2021-46786 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access. | |||||
CVE-2021-40780 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
CVE-2021-40740 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
CVE-2021-40792 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
CVE-2021-39997 | 1 Huawei | 1 Emui | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
CVE-2021-40777 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |