Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43304 | 2 Debian, Yandex | 2 Debian Linux, Clickhouse | 2022-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. | |||||
| CVE-2022-39129 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
| In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
| CVE-2022-39106 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
| In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
| CVE-2022-39132 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-12-07 | N/A | 5.5 MEDIUM |
| In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
| CVE-2022-32917 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2022-12-07 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2022-32894 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2022-12-07 | N/A | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2020-21680 | 1 Fig2dev Project | 1 Fig2dev | 2022-12-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | |||||
| CVE-2021-21944 | 1 Accusoft | 1 Imagegear | 2022-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the first 12 bits from local variable. | |||||
| CVE-2021-21945 | 1 Accusoft | 1 Imagegear | 2022-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the second 12 bits from local variable. | |||||
| CVE-2021-21946 | 1 Accusoft | 1 Imagegear | 2022-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer overflow takes place when the `SOF3` precision is lower than 9. | |||||
| CVE-2022-32622 | 2 Google, Mediatek | 7 Android, Mt6789, Mt6855 and 4 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363786; Issue ID: ALPS07363786. | |||||
| CVE-2022-32621 | 2 Google, Mediatek | 3 Android, Mt6895, Mt6983 | 2022-12-06 | N/A | 6.4 MEDIUM |
| In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829. | |||||
| CVE-2022-32620 | 2 Google, Mediatek | 9 Android, Mt6781, Mt6789 and 6 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753. | |||||
| CVE-2022-32626 | 2 Google, Mediatek | 25 Android, Mt6761, Mt6765 and 22 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326239; Issue ID: ALPS07326239. | |||||
| CVE-2022-32625 | 2 Google, Mediatek | 26 Android, Mt6761, Mt6765 and 23 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216. | |||||
| CVE-2022-32596 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213. | |||||
| CVE-2022-32597 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. | |||||
| CVE-2022-32598 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. | |||||
| CVE-2022-32619 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659. | |||||
| CVE-2022-32594 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2022-12-06 | N/A | 6.7 MEDIUM |
| In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207. | |||||