Total
2632 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35977 | 1 Redis | 1 Redis | 2024-11-21 | N/A | 5.5 MEDIUM |
| Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-35951 | 2 Fedoraproject, Redis | 2 Fedora, Redis | 2024-11-21 | N/A | 7.0 HIGH |
| Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. | |||||
| CVE-2022-35940 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 5.9 MEDIUM |
| TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | |||||
| CVE-2022-35289 | 1 Facebook | 1 Hermes | 2024-11-21 | N/A | 9.8 CRITICAL |
| A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2022-34843 | 1 Intel | 1 Trace Analyzer And Collector | 2024-11-21 | N/A | 4.8 MEDIUM |
| Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-34612 | 1 Rizin | 1 Rizin | 2024-11-21 | N/A | 5.5 MEDIUM |
| Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary. | |||||
| CVE-2022-33719 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.6 HIGH |
| Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. | |||||
| CVE-2022-33296 | 1 Qualcomm | 228 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8905 and 225 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. | |||||
| CVE-2022-33282 | 1 Qualcomm | 40 Msm8996au, Msm8996au Firmware, Qam8295p and 37 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback. | |||||
| CVE-2022-33269 | 1 Qualcomm | 202 Aqt1000, Aqt1000 Firmware, Ar8035 and 199 more | 2024-11-21 | N/A | 9.3 CRITICAL |
| Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. | |||||
| CVE-2022-33248 | 1 Qualcomm | 324 Apq8009, Apq8009 Firmware, Apq8009w and 321 more | 2024-11-21 | N/A | 7.8 HIGH |
| Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http. | |||||
| CVE-2022-33068 | 2 Fedoraproject, Harfbuzz Project | 2 Fedora, Harfbuzz | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
| CVE-2022-33065 | 1 Libsndfile Project | 1 Libsndfile | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts. | |||||
| CVE-2022-32775 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-32546 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | |||||
| CVE-2022-32545 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | |||||
| CVE-2022-32543 | 1 Estsoft | 1 Alyac | 2024-11-21 | N/A | 7.8 HIGH |
| An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-32073 | 1 Wolfssh | 1 Wolfssh | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. | |||||
| CVE-2022-31789 | 1 Watchguard | 1 Fireware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. | |||||
| CVE-2022-31600 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components. | |||||