Export limit exceeded: 346948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21609 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21609 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40737 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_ByteStream::Write and AP4_HdlrAtom::WriteFields. | ||||
| CVE-2022-40709 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-11-21 | 3.3 Low |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708. | ||||
| CVE-2022-40707 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-11-21 | 3.3 Low |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708. | ||||
| CVE-2022-40647 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17558. | ||||
| CVE-2022-40640 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17308. | ||||
| CVE-2022-40636 | 1 Ansys | 1 Spaceclaim | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17044. | ||||
| CVE-2022-40540 | 1 Qualcomm | 32 Sd888 5g, Sd888 5g Firmware, Sd 8 Gen1 5g Firmware and 29 more | 2024-11-21 | 8.4 High |
| Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel. | ||||
| CVE-2022-40539 | 1 Qualcomm | 50 Qam8295p, Qam8295p Firmware, Qca6574au and 47 more | 2024-11-21 | 8.4 High |
| Memory corruption in Automotive Android OS due to improper validation of array index. | ||||
| CVE-2022-40537 | 1 Qualcomm | 324 Apq8009, Apq8009 Firmware, Apq8009w and 321 more | 2024-11-21 | 7.3 High |
| Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. | ||||
| CVE-2022-40535 | 1 Qualcomm | 142 Csr8811, Csr8811 Firmware, Ipq8070a and 139 more | 2024-11-21 | 7.5 High |
| Transient DOS due to buffer over-read in WLAN while sending a packet to device. | ||||
| CVE-2022-40524 | 1 Qualcomm | 76 Aqt1000, Aqt1000 Firmware, Qca6390 and 73 more | 2024-11-21 | 6.7 Medium |
| Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service. | ||||
| CVE-2022-40514 | 1 Qualcomm | 456 Aqt1000, Aqt1000 Firmware, Ar8031 and 453 more | 2024-11-21 | 9.8 Critical |
| Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame. | ||||
| CVE-2022-40512 | 1 Qualcomm | 590 Apq8009, Apq8009 Firmware, Apq8017 and 587 more | 2024-11-21 | 7.5 High |
| Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon. | ||||
| CVE-2022-40505 | 1 Qualcomm | 26 9205 Lte Modem, 9205 Lte Modem Firmware, 9206 Lte Modem and 23 more | 2024-11-21 | 8.2 High |
| Information disclosure due to buffer over-read in Modem while parsing DNS hostname. | ||||
| CVE-2022-40503 | 1 Qualcomm | 370 8905, 8905 Firmware, 8909 and 367 more | 2024-11-21 | 8.2 High |
| Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. | ||||
| CVE-2022-40438 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. | ||||
| CVE-2022-40320 | 2 Fedoraproject, Libconfuse Project | 2 Fedora, Libconfuse | 2024-11-21 | 8.8 High |
| cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. | ||||
| CVE-2022-40318 | 3 Debian, Frrouting, Redhat | 3 Debian Linux, Frrouting, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. | ||||
| CVE-2022-40160 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | 6.5 Medium |
| ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | ||||
| CVE-2022-40159 | 1 Apache | 1 Commons Jxpath | 2024-11-21 | 6.5 Medium |
| ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid. | ||||