Total
2502 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29030 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
| CVE-2022-28937 | 1 Fisco-bcos | 1 Fisco-bcos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests. | |||||
| CVE-2022-28936 | 1 Fisco-bcos | 1 Fisco-bcos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet. | |||||
| CVE-2022-28705 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-28615 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. | |||||
| CVE-2022-28614 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. | |||||
| CVE-2022-28471 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 | |||||
| CVE-2022-28331 | 2 Apache, Microsoft | 2 Portable Runtime, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
| On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. | |||||
| CVE-2022-28197 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2024-11-21 | 4.4 MEDIUM | 5.0 MEDIUM |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components. | |||||
| CVE-2022-28195 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2024-11-21 | 4.6 MEDIUM | 5.7 MEDIUM |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components. | |||||
| CVE-2022-28041 | 3 Debian, Fedoraproject, Nothings | 3 Debian Linux, Fedora, Stb Image.h | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
| CVE-2022-27833 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 4.6 MEDIUM | 4.4 MEDIUM |
| Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. | |||||
| CVE-2022-27641 | 2024-11-21 | N/A | 8.8 HIGH | ||
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806. | |||||
| CVE-2022-27148 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. | |||||
| CVE-2022-27114 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. | |||||
| CVE-2022-26775 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-26711 | 1 Apple | 6 Ipados, Iphone Os, Itunes and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-26495 | 3 Debian, Fedoraproject, Network Block Device Project | 3 Debian Linux, Fedora, Network Block Device | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. | |||||
| CVE-2022-26466 | 3 Google, Mediatek, Yoctoproject | 24 Android, Mt6779, Mt6781 and 21 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In audio ipi, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558777; Issue ID: ALPS06558777. | |||||
| CVE-2022-26459 | 2 Google, Mediatek | 15 Android, Mt6833, Mt6853 and 12 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032634; Issue ID: ALPS07032634. | |||||