Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26455 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2022-09-09 | N/A | 6.7 MEDIUM |
| In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177858; Issue ID: ALPS07177858. | |||||
| CVE-2022-26457 | 2 Google, Mediatek | 12 Android, Mt6769, Mt6781 and 9 more | 2022-09-09 | N/A | 6.7 MEDIUM |
| In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138490; Issue ID: ALPS07138490. | |||||
| CVE-2022-26458 | 2 Google, Mediatek | 12 Android, Mt6853, Mt6855 and 9 more | 2022-09-09 | N/A | 6.7 MEDIUM |
| In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032678; Issue ID: ALPS07032678. | |||||
| CVE-2022-26460 | 2 Google, Mediatek | 15 Android, Mt6833, Mt6853 and 12 more | 2022-09-09 | N/A | 6.7 MEDIUM |
| In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032590; Issue ID: ALPS07032590. | |||||
| CVE-2022-26464 | 2 Google, Mediatek | 15 Android, Mt6833, Mt6853 and 12 more | 2022-09-09 | N/A | 6.7 MEDIUM |
| In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032699; Issue ID: ALPS07032699. | |||||
| CVE-2022-26465 | 3 Google, Mediatek, Yoctoproject | 22 Android, Mt6779, Mt6781 and 19 more | 2022-09-09 | N/A | 6.7 MEDIUM |
| In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558799; Issue ID: ALPS06558799. | |||||
| CVE-2022-2402 | 1 Eset | 2 Endpoint Encryption, Full Disk Encryption | 2022-09-09 | N/A | 6.5 MEDIUM |
| The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD. | |||||
| CVE-2022-26470 | 2 Google, Mediatek | 12 Android, Mt6879, Mt6895 and 9 more | 2022-09-09 | N/A | 6.7 MEDIUM |
| In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07116037; Issue ID: ALPS07116037. | |||||
| CVE-2022-26468 | 2 Google, Mediatek | 45 Android, Mt6735, Mt6739 and 42 more | 2022-09-09 | N/A | 6.6 MEDIUM |
| In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07168125; Issue ID: ALPS07168125. | |||||
| CVE-2022-26467 | 2 Google, Mediatek | 38 Android, Mt6580, Mt6735 and 35 more | 2022-09-09 | N/A | 6.7 MEDIUM |
| In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07167738; Issue ID: ALPS07167738. | |||||
| CVE-2022-1888 | 1 Fujielectric | 2 Alpha7 Pc Loader, Alpha7 Pc Loader Firmware | 2022-09-07 | N/A | 7.8 HIGH |
| Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-1841 | 1 Zephyrproject | 1 Zephyr | 2022-09-07 | N/A | 5.3 MEDIUM |
| In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. | |||||
| CVE-2022-36054 | 1 Contiki-ng | 1 Contiki-ng | 2022-09-07 | N/A | 8.8 HIGH |
| Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker. | |||||
| CVE-2022-2044 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2022-09-06 | N/A | 8.2 HIGH |
| MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. | |||||
| CVE-2022-2043 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2022-09-06 | N/A | 7.5 HIGH |
| MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. | |||||
| CVE-2022-1115 | 1 Imagemagick | 1 Imagemagick | 2022-09-06 | N/A | 5.5 MEDIUM |
| A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. | |||||
| CVE-2022-2892 | 1 Measuresoft | 1 Scadapro Server | 2022-09-02 | N/A | 7.8 HIGH |
| Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. | |||||
| CVE-2022-36571 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 7.2 HIGH |
| Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. | |||||
| CVE-2022-36570 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 7.2 HIGH |
| Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. | |||||
| CVE-2022-36569 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 8.8 HIGH |
| Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. | |||||