Filtered by CWE-131
Filtered by vendor Subscriptions
Total 174 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-41886 1 Google 1 Tensorflow 2024-11-21 4.8 Medium
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
CVE-2022-41885 1 Google 1 Tensorflow 2024-11-21 4.8 Medium
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
CVE-2022-39377 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 7 High
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.
CVE-2022-33211 1 Qualcomm 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more 2024-11-21 9.8 Critical
memory corruption in modem due to improper check while calculating size of serialized CoAP message
CVE-2022-32651 2 Google, Mediatek 3 Android, Mt6879, Mt6983 2024-11-21 6.7 Medium
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225857; Issue ID: ALPS07225857.
CVE-2022-32650 2 Google, Mediatek 4 Android, Mt6879, Mt6895 and 1 more 2024-11-21 6.7 Medium
In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225853; Issue ID: ALPS07225853.
CVE-2022-32649 2 Google, Mediatek 3 Android, Mt6895, Mt6983 2024-11-21 6.7 Medium
In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225840; Issue ID: ALPS07225840.
CVE-2022-32630 2 Google, Mediatek 6 Android, Mt6789, Mt6855 and 3 more 2024-11-21 6.7 Medium
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966.
CVE-2022-32624 2 Google, Mediatek 8 Android, Mt6789, Mt6855 and 5 more 2024-11-21 6.7 Medium
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923.
CVE-2022-32618 2 Google, Mediatek 5 Android, Mt6833, Mt6873 and 2 more 2024-11-21 6.8 Medium
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454.
CVE-2022-32617 2 Google, Mediatek 6 Android, Mt6789, Mt6855 and 3 more 2024-11-21 6.8 Medium
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364.
CVE-2022-31630 2 Php, Redhat 2 Php, Enterprise Linux 2024-11-21 6.5 Medium
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 
CVE-2022-2873 5 Debian, Fedoraproject, Linux and 2 more 16 Debian Linux, Fedora, Linux Kernel and 13 more 2024-11-21 5.5 Medium
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.
CVE-2022-2520 3 Debian, Libtiff, Redhat 3 Debian Linux, Libtiff, Enterprise Linux 2024-11-21 6.5 Medium
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
CVE-2022-26474 2 Google, Mediatek 6 Android, Mt6789, Mt6855 and 3 more 2024-11-21 6.7 Medium
In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717.
CVE-2022-25731 1 Qualcomm 26 Mdm8207, Mdm8207 Firmware, Mdm9205 and 23 more 2024-11-21 7.5 High
Information disclosure in modem due to buffer over-read while processing packets from DNS server
CVE-2022-22137 1 Accusoft 1 Imagegear 2024-11-21 6.5 Medium
A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-4206 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Advanced Virtualization and 1 more 2024-11-21 8.2 High
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
CVE-2021-4155 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux, Rhel Aus and 6 more 2024-11-21 5.5 Medium
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
CVE-2021-45940 1 Libbpf Project 1 Libbpf 2024-11-21 6.5 Medium
libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).