Vulnerabilities (CVE)

Filtered by CWE-125
Total 7228 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23192 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-23191 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-23190 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-23130 2 Iconics, Mitsubishielectric 3 Genesis64, Hyper Historian, Mc Works64 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64.
CVE-2022-23124 2 Debian, Netatalk 2 Debian Linux, Netatalk 2024-11-21 N/A 9.8 CRITICAL
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.
CVE-2022-23123 2 Debian, Netatalk 2 Debian Linux, Netatalk 2024-11-21 N/A 9.8 CRITICAL
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.
CVE-2022-23097 2 Debian, Intel 2 Debian Linux, Connman 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
CVE-2022-23096 2 Debian, Intel 2 Debian Linux, Connman 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
CVE-2022-22844 3 Debian, Libtiff, Netapp 3 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
CVE-2022-22816 2 Debian, Python 2 Debian Linux, Pillow 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
CVE-2022-22664 1 Apple 3 Garageband, Logic Pro X, Macos 2024-11-21 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
CVE-2022-22627 1 Apple 2 Mac Os X, Macos 2024-11-21 5.8 MEDIUM 7.1 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
CVE-2022-22626 1 Apple 2 Mac Os X, Macos 2024-11-21 5.8 MEDIUM 7.1 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
CVE-2022-22625 1 Apple 2 Mac Os X, Macos 2024-11-21 5.8 MEDIUM 7.1 HIGH
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
CVE-2022-22611 1 Apple 6 Ipados, Iphone Os, Itunes and 3 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2022-22608 1 Apple 1 Xcode 2024-11-21 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
CVE-2022-22607 1 Apple 1 Xcode 2024-11-21 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
CVE-2022-22606 1 Apple 1 Xcode 2024-11-21 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
CVE-2022-22605 1 Apple 1 Xcode 2024-11-21 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
CVE-2022-22604 1 Apple 1 Xcode 2024-11-21 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.