ReportizFlow
Filtered by vendor
Subscriptions
Total
527 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33886 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2024-11-21 | 7.8 High |
| A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code. | ||||
| CVE-2022-33748 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 5.6 Medium |
| lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. | ||||
| CVE-2022-32990 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). | ||||
| CVE-2022-32659 | 2 Mediatek, Thelinuxfoundation | 25 Mt7603, Mt7603 Firmware, Mt7613 and 22 more | 2024-11-21 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705066; Issue ID: GN20220705066. | ||||
| CVE-2022-32658 | 1 Mediatek | 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more | 2024-11-21 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059. | ||||
| CVE-2022-32657 | 1 Mediatek | 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more | 2024-11-21 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042. | ||||
| CVE-2022-32655 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2024-11-21 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. | ||||
| CVE-2022-32264 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.5 High |
| sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2022-31799 | 3 Bottlepy, Debian, Fedoraproject | 3 Bottle, Debian Linux, Fedora | 2024-11-21 | 9.8 Critical |
| Bottle before 0.12.20 mishandles errors during early request binding. | ||||
| CVE-2022-31152 | 1 Matrix | 1 Synapse | 2024-11-21 | 6.4 Medium |
| Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. | ||||
| CVE-2022-30727 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | ||||
| CVE-2022-30725 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-30724 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-30723 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-30716 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. | ||||
| CVE-2022-29617 | 1 Sap | 1 Contributor License Agreement Assistant | 2024-11-21 | 6.5 Medium |
| Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. | ||||
| CVE-2022-29493 | 1 Intel | 248 Baseboard Management Controller Firmware, C252, C256 and 245 more | 2024-11-21 | 4.5 Medium |
| Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access. | ||||
| CVE-2022-29017 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.5 Medium |
| Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S. | ||||
| CVE-2022-27978 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 7.5 High |
| Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. | ||||
| CVE-2022-27872 | 1 Autodesk | 1 Navisworks | 2024-11-21 | 7.8 High |
| A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code. | ||||