Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34290 | 1 Siemens | 1 Pads Viewer | 2023-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-055) | |||||
| CVE-2022-32959 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2023-06-29 | N/A | 6.8 MEDIUM |
| HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | |||||
| CVE-2022-30938 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Ip Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more | 2023-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manupulating a specific argument. This could allow an attacker to crash the affected application leading to a denial of service condition | |||||
| CVE-2022-30937 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more | 2023-06-29 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition. | |||||
| CVE-2022-1238 | 1 Radare | 1 Radare2 | 2023-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | |||||
| CVE-2022-21926 | 1 Microsoft | 1 Hevc Video Extensions | 2023-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-24457 | 1 Microsoft | 1 Heif Image Extension | 2023-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEIF Image Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-24456 | 1 Microsoft | 1 Hevc Video Extensions | 2023-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-24453 | 1 Microsoft | 1 Hevc Video Extensions | 2023-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-22007 | 1 Microsoft | 1 Hevc Video Extensions | 2023-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-22006 | 1 Microsoft | 1 Hevc Video Extensions | 2023-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-29465 | 1 Accusoft | 1 Imagegear | 2023-06-28 | N/A | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-28690 | 1 Hornerautomation | 1 Cscape | 2023-06-28 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-29210 | 1 Google | 1 Tensorflow | 2023-06-28 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1. | |||||
| CVE-2023-32273 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2023-06-28 | N/A | 7.8 HIGH |
| Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201. | |||||
| CVE-2023-32276 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2023-06-28 | N/A | 7.8 HIGH |
| Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | |||||
| CVE-2023-20985 | 1 Google | 1 Android | 2023-06-28 | N/A | 7.8 HIGH |
| In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245915315 | |||||
| CVE-2023-0970 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2023-06-28 | N/A | 6.8 MEDIUM |
| Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. | |||||
| CVE-2022-28196 | 1 Nvidia | 5 Jetson Agx Xavier, Jetson Linux, Jetson Tx2 and 2 more | 2023-06-28 | 3.6 LOW | 4.6 MEDIUM |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. The scope of impact can extend to other components. | |||||
| CVE-2022-28193 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2023-06-28 | 4.6 MEDIUM | 5.6 MEDIUM |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. | |||||