Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5059 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5060 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2019-5038 | 1 Openweave | 1 Openweave-core | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command. | |||||
| CVE-2019-5039 | 1 Openweave | 1 Openweave-core | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability. | |||||
| CVE-2019-5041 | 1 Aspose | 1 Aspose.words | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability. | |||||
| CVE-2019-5045 | 1 Gonitro | 1 Nitropdf | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | |||||
| CVE-2019-5046 | 1 Gonitro | 1 Nitropdf | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | |||||
| CVE-2019-5048 | 1 Gonitro | 1 Nitropdf | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | |||||
| CVE-2019-5050 | 1 Gonitro | 1 Nitropdf | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | |||||
| CVE-2019-5088 | 1 Investintech | 1 Able2extract | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sending the user a specially crafted BMP file. | |||||
| CVE-2022-26302 | 1 Fujielectric | 1 V-sft | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2022-30538 | 1 Fujielectric | 1 Monitouch V-sft | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2021-41458 | 1 Gpac | 1 Mp4box | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | |||||
| CVE-2021-40036 | 1 Huawei | 1 Harmonyos | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution. | |||||
| CVE-2022-30649 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-20233 | 1 Google | 1 Android | 2022-06-24 | 7.2 HIGH | 6.7 MEDIUM |
| In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A | |||||
| CVE-2022-20209 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-207502397 | |||||
| CVE-2022-20202 | 1 Google | 1 Android | 2022-06-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204704614 | |||||
| CVE-2022-20183 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188911154References: N/A | |||||
| CVE-2022-20178 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224932775References: N/A | |||||