Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35134 | 1 Qualcomm | 59 Qca6391, Qca6391 Firmware, Qcm6490 and 56 more | 2023-04-19 | N/A | 8.4 HIGH |
| Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2019-19282 | 1 Siemens | 6 Openpcs 7, Simatic Batch, Simatic Net Pc and 3 more | 2023-04-11 | 7.1 HIGH | 7.5 HIGH |
| A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction. | |||||
| CVE-2022-2520 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-02-28 | N/A | 6.5 MEDIUM |
| A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. | |||||
| CVE-2021-40052 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-01-19 | 7.8 HIGH | 7.5 HIGH |
| There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2020-36475 | 3 Arm, Debian, Siemens | 14 Mbed Tls, Debian Linux, Logo\! Cmr2020 and 11 more | 2023-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs. | |||||
| CVE-2022-41885 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41907 | 1 Google | 1 Tensorflow | 2022-11-23 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41887 | 1 Google | 1 Tensorflow | 2022-11-22 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched the issue in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1 and 2.9.3, as these are also affected and still in supported range. However, we will not cherrypick this commit into TensorFlow 2.8.x, as it depends on Eigen behavior that changed between 2.8 and 2.9. | |||||
| CVE-2022-41886 | 1 Google | 1 Tensorflow | 2022-11-22 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-26474 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2022-10-11 | N/A | 6.7 MEDIUM |
| In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. | |||||
| CVE-2021-4155 | 1 Linux | 1 Linux Kernel | 2022-08-29 | N/A | 5.5 MEDIUM |
| A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | |||||
| CVE-2021-21776 | 1 Accusoft | 1 Imagegear | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13585 | 1 Accusoft | 1 Imagegear | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-27378 | 1 Rand Core Project | 1 Rand Core | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. | |||||
| CVE-2020-13546 | 1 Softmaker | 1 Office Textmaker 2021 | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. | |||||
| CVE-2018-4038 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. | |||||
| CVE-2021-38423 | 1 Gurum | 1 Gurumdds | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow. | |||||
| CVE-2020-6116 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | |||||
| CVE-2020-6106 | 1 F2fs-tools Project | 1 F2fs-tools | 2022-05-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-6108 | 1 F2fs-tools Project | 1 F2fs-tools | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||