Total
3192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48657 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can potentially result in overflow -- multiplying by 1000ULL instead should avoid that... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. | |||||
| CVE-2022-48475 | 1 Cbm | 1 Control De Ciber | 2024-11-21 | N/A | 8.2 HIGH |
| Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the adminitrator tries to accept or delete the print query created by the request. | |||||
| CVE-2022-47990 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556. | |||||
| CVE-2022-46824 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2024-11-21 | N/A | 5.6 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. | |||||
| CVE-2022-46527 | 1 Elsys | 2 Ers 1.5, Ers 1.5 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser. | |||||
| CVE-2022-44455 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-11-21 | N/A | 6.8 MEDIUM |
| The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash. | |||||
| CVE-2022-43507 | 1 Intel | 1 Quickassist Technology Engine | 2024-11-21 | N/A | 7.5 HIGH |
| Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-43392 | 1 Zyxel | 96 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 93 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request. | |||||
| CVE-2022-43391 | 1 Zyxel | 96 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 93 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request. | |||||
| CVE-2022-43389 | 1 Zyxel | 34 Ep240p, Ep240p Firmware, Lte3202-m437 and 31 more | 2024-11-21 | N/A | 8.6 HIGH |
| A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | |||||
| CVE-2022-42431 | 1 Tesla | 2 Model 3, Model 3 Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17544. | |||||
| CVE-2022-42283 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 6.4 MEDIUM |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||||
| CVE-2022-42274 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 7.8 HIGH |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||||
| CVE-2022-42273 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | |||||
| CVE-2022-42272 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges. | |||||
| CVE-2022-42271 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | N/A | 8.4 HIGH |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution | |||||
| CVE-2022-42262 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-11-21 | N/A | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service. | |||||
| CVE-2022-42261 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service. | |||||
| CVE-2022-41894 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41030 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no wlan filter mac address WORD descript WORD' command template. | |||||