Total
8221 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25732 | 1 Qualcomm | 66 Ar8031, Ar8031 Firmware, Csra6620 and 63 more | 2024-11-21 | 8.2 High |
| Information disclosure in modem due to buffer over read in dns client due to missing length check | ||||
| CVE-2022-25731 | 1 Qualcomm | 26 Mdm8207, Mdm8207 Firmware, Mdm9205 and 23 more | 2024-11-21 | 7.5 High |
| Information disclosure in modem due to buffer over-read while processing packets from DNS server | ||||
| CVE-2022-25730 | 1 Qualcomm | 54 Mdm8207, Mdm8207 Firmware, Mdm9205 and 51 more | 2024-11-21 | 8.2 High |
| Information disclosure in modem due to improper check of IP type while processing DNS server query | ||||
| CVE-2022-25728 | 1 Qualcomm | 68 Ar8031, Ar8031 Firmware, Csra6620 and 65 more | 2024-11-21 | 8.2 High |
| Information disclosure in modem due to buffer over-read while processing response from DNS server | ||||
| CVE-2022-25726 | 1 Qualcomm | 52 Mdm8207, Mdm8207 Firmware, Mdm9205 and 49 more | 2024-11-21 | 8.2 High |
| Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet | ||||
| CVE-2022-25706 | 1 Qualcomm | 257 Apq8009w, Apq8009w Firmware, Apq8017 and 254 more | 2024-11-21 | 8.2 High |
| Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||||
| CVE-2022-25670 | 1 Qualcomm | 251 Apq8009, Apq8009 Firmware, Apq8009w and 248 more | 2024-11-21 | 7.5 High |
| Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2022-25669 | 1 Qualcomm | 281 Apq8009, Apq8009 Firmware, Apq8009w and 278 more | 2024-11-21 | 7.5 High |
| Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2022-25653 | 1 Qualcomm | 179 Apq8053, Apq8053 Firmware, Aqt1000 and 176 more | 2024-11-21 | 6.8 Medium |
| Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||||
| CVE-2022-24971 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15812. | ||||
| CVE-2022-24370 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 6.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14819. | ||||
| CVE-2022-24358 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15703. | ||||
| CVE-2022-24356 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OnMouseExit method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14848. | ||||
| CVE-2022-24315 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2024-11-21 | 7.5 High |
| A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | ||||
| CVE-2022-24314 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2024-11-21 | 7.5 High |
| A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | ||||
| CVE-2022-24198 | 1 Itextpdf | 1 Itext | 2024-11-21 | 6.5 Medium |
| iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable. | ||||
| CVE-2022-24060 | 1 Santesoft | 1 Dicom Viewer Pro | 2024-11-21 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15099. | ||||
| CVE-2022-24055 | 1 Santesoft | 1 Dicom Viewer Pro | 2024-11-21 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14972. | ||||
| CVE-2022-23937 | 1 Windriver | 1 Vxworks | 2024-11-21 | 5.3 Medium |
| In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. | ||||
| CVE-2022-23805 | 2 Microsoft, Trendmicro | 2 Windows, Worry-free Business Security | 2024-11-21 | 7.1 High |
| A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||