Export limit exceeded: 45922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45922 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27831 | 1 Google | 1 Android | 2024-11-21 | 2.9 Low |
| Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. | ||||
| CVE-2022-27825 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | ||||
| CVE-2022-27824 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file | ||||
| CVE-2022-27823 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | ||||
| CVE-2022-27821 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. | ||||
| CVE-2022-27813 | 1 Motorola | 4 Mtm5400, Mtm5400 Firmware, Mtm5500 and 1 more | 2024-11-21 | 8.1 High |
| Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions. | ||||
| CVE-2022-27780 | 3 Haxx, Netapp, Splunk | 18 Curl, Clustered Data Ontap, H300s and 15 more | 2024-11-21 | 5.3 Medium |
| The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. | ||||
| CVE-2022-27666 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-11-21 | 7.8 High |
| A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. | ||||
| CVE-2022-27662 | 1 F5 | 1 Traffix Signaling Delivery Controller | 2024-11-21 | 4.8 Medium |
| On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-27612 | 1 Synology | 1 Audio Station | 2024-11-21 | 7.3 High |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2022-27607 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 8.1 High |
| Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531. | ||||
| CVE-2022-27572 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | ||||
| CVE-2022-27571 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | ||||
| CVE-2022-27570 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | ||||
| CVE-2022-27569 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | ||||
| CVE-2022-27568 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | ||||
| CVE-2022-27531 | 1 Autodesk | 1 3ds Max | 2024-11-21 | 7.8 High |
| A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27524 | 1 Autodesk | 1 Dwg Trueview | 2024-11-21 | 7.1 High |
| An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27523 | 1 Autodesk | 1 Dwg Trueview | 2024-11-21 | 7.1 High |
| A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27451 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. | ||||