Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2785 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c | |||||
| CVE-2022-2206 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2287 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 5.8 MEDIUM | 7.1 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2286 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2126 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2183 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2257 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2816 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-07 | N/A | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. | |||||
| CVE-2022-27942 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. | |||||
| CVE-2022-28274 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-11-07 | 9.3 HIGH | N/A |
| Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28268 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-11-07 | 4.3 MEDIUM | N/A |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28231 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-11-07 | 9.3 HIGH | N/A |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by an out-of-bounds read vulnerability when processing a doc object, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-27940 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. | |||||
| CVE-2022-27941 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. | |||||
| CVE-2022-23645 | 3 Fedoraproject, Redhat, Swtpm Project | 3 Fedora, Enterprise Linux, Swtpm | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds. | |||||
| CVE-2022-26280 | 2 Fedoraproject, Libarchive | 2 Fedora, Libarchive | 2023-11-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | |||||
| CVE-2022-20823 | 1 Cisco | 294 Nexus 3016, Nexus 3016 Firmware, Nexus 3016q and 291 more | 2023-11-07 | N/A | 8.6 HIGH |
| A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory. | |||||
| CVE-2022-21239 | 1 Intel | 1 Quickassist Technology | 2023-11-07 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-1587 | 4 Fedoraproject, Netapp, Pcre and 1 more | 17 Fedora, Active Iq Unified Manager, H300s and 14 more | 2023-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. | |||||
| CVE-2022-1623 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. | |||||