Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31601 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | |||||
| CVE-2022-31602 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.4 MEDIUM | 6.7 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. | |||||
| CVE-2022-28200 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-12 | 4.6 MEDIUM | 8.2 HIGH |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
| CVE-2021-42069 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-07-12 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | |||||
| CVE-2021-43247 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Windows TCP/IP Driver Elevation of Privilege Vulnerability | |||||
| CVE-2020-1020 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938. | |||||
| CVE-2022-32032 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-07-09 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. | |||||
| CVE-2021-1106 | 1 Nvidia | 10 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 7 more | 2022-07-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system. | |||||
| CVE-2020-7881 | 2 Afreecatv, Microsoft | 2 Afreecatv, Windows | 2022-07-08 | 6.5 MEDIUM | 8.8 HIGH |
| The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length. | |||||
| CVE-2022-33087 | 1 Tp-link | 4 Archer A5, Archer A5 Firmware, Archer C50 and 1 more | 2022-07-08 | 7.8 HIGH | 7.5 HIGH |
| A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2021-3434 | 1 Zephyrproject | 1 Zephyr | 2022-07-08 | 4.6 MEDIUM | 7.8 HIGH |
| Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm | |||||
| CVE-2022-24893 | 1 Espressif | 1 Esp-idf | 2022-07-08 | 8.3 HIGH | 8.8 HIGH |
| ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. | |||||
| CVE-2022-33108 | 1 Xpdfreader | 1 Xpdf | 2022-07-08 | 6.8 MEDIUM | 7.8 HIGH |
| XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. | |||||
| CVE-2021-40942 | 1 Gpac | 1 Gpac | 2022-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). | |||||
| CVE-2022-33007 | 1 Trendnet | 4 Tew-751dr, Tew-751dr Firmware, Tew-752dru and 1 more | 2022-07-07 | 5.8 MEDIUM | 8.8 HIGH |
| TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. | |||||
| CVE-2021-33647 | 1 Mindspore | 1 Mindspore | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers. | |||||
| CVE-2021-32995 | 1 Hornerautomation | 1 Cscape | 2022-07-02 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-33004 | 1 Advantech | 1 Webaccess\/hmi Designer | 2022-07-02 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
| CVE-2020-15800 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2022-07-01 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily. | |||||
| CVE-2021-41987 | 1 Mikrotik | 1 Routeros | 2022-06-30 | 6.8 MEDIUM | 8.1 HIGH |
| In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10. | |||||