Total
12439 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41900 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1. | |||||
| CVE-2022-41854 | 2 Fedoraproject, Snakeyaml Project | 2 Fedora, Snakeyaml | 2024-11-21 | N/A | 5.8 MEDIUM |
| Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | |||||
| CVE-2022-41802 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-11-21 | N/A | 4.0 MEDIUM |
| Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. | |||||
| CVE-2022-41793 | 1 Openbabel | 1 Open Babel | 2024-11-21 | N/A | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-41743 | 1 F5 | 2 Nginx Ingress Controller, Nginx Plus | 2024-11-21 | N/A | 7.0 HIGH |
| NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module. | |||||
| CVE-2022-41742 | 3 Debian, F5, Fedoraproject | 4 Debian Linux, Nginx, Nginx Ingress Controller and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
| NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. | |||||
| CVE-2022-41741 | 3 Debian, F5, Fedoraproject | 4 Debian Linux, Nginx, Nginx Ingress Controller and 1 more | 2024-11-21 | N/A | 7.0 HIGH |
| NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. | |||||
| CVE-2022-41686 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-11-21 | N/A | 5.1 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption. | |||||
| CVE-2022-41664 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2022-41660 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2022-41602 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 3.4 LOW |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | |||||
| CVE-2022-41528 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. | |||||
| CVE-2022-41527 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. | |||||
| CVE-2022-41526 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. | |||||
| CVE-2022-41524 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. | |||||
| CVE-2022-41523 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. | |||||
| CVE-2022-41522 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. | |||||
| CVE-2022-41521 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. | |||||
| CVE-2022-41520 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. | |||||
| CVE-2022-41517 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function | |||||