| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-47967 |
119 |
|
Exec Code Overflow Mem. Corr. |
2023-01-10 |
2023-01-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process. |
|
2 |
CVE-2022-47935 |
119 |
|
Exec Code Overflow Mem. Corr. |
2023-01-10 |
2023-01-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078) |
|
3 |
CVE-2022-46885 |
787 |
|
Mem. Corr. |
2022-12-22 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106. |
|
4 |
CVE-2022-46883 |
|
|
Mem. Corr. |
2022-12-22 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.<br />*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox < 107. |
|
5 |
CVE-2022-46881 |
|
|
Mem. Corr. |
2022-12-22 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6. |
|
6 |
CVE-2022-46879 |
|
|
Mem. Corr. |
2022-12-22 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108. |
|
7 |
CVE-2022-46878 |
|
|
Mem. Corr. |
2022-12-22 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. |
|
8 |
CVE-2022-46700 |
787 |
|
Exec Code Mem. Corr. |
2022-12-15 |
2023-01-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
9 |
CVE-2022-46699 |
787 |
|
Exec Code Mem. Corr. |
2022-12-15 |
2023-01-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
10 |
CVE-2022-46696 |
787 |
|
Exec Code Mem. Corr. |
2022-12-15 |
2023-01-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
11 |
CVE-2022-45869 |
362 |
|
DoS Mem. Corr. |
2022-11-30 |
2022-12-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. |
|
12 |
CVE-2022-45421 |
|
|
Mem. Corr. |
2022-12-22 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. |
|
13 |
CVE-2022-44898 |
787 |
|
DoS Mem. Corr. |
2022-12-14 |
2022-12-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests. |
|
14 |
CVE-2022-44789 |
119 |
|
Exec Code Overflow Mem. Corr. |
2022-11-23 |
2022-12-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. |
|
15 |
CVE-2022-44650 |
787 |
|
Exec Code Mem. Corr. |
2022-12-12 |
2022-12-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
16 |
CVE-2022-43598 |
122 |
|
Exec Code Mem. Corr. |
2022-12-22 |
2022-12-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`. |
|
17 |
CVE-2022-43597 |
122 |
|
Exec Code Mem. Corr. |
2022-12-22 |
2022-12-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`. |
|
18 |
CVE-2022-42944 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
19 |
CVE-2022-42943 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
20 |
CVE-2022-42942 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
21 |
CVE-2022-42941 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
22 |
CVE-2022-42940 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
23 |
CVE-2022-42939 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
24 |
CVE-2022-42938 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
25 |
CVE-2022-42937 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
26 |
CVE-2022-42936 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
27 |
CVE-2022-42935 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
28 |
CVE-2022-42934 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
29 |
CVE-2022-42933 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
30 |
CVE-2022-42932 |
|
|
Mem. Corr. |
2022-12-22 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106. |
|
31 |
CVE-2022-42928 |
|
|
Mem. Corr. |
2022-12-22 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106. |
|
32 |
CVE-2022-42863 |
787 |
|
Exec Code Mem. Corr. |
2022-12-15 |
2023-01-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
33 |
CVE-2022-42820 |
|
|
Exec Code Mem. Corr. |
2022-11-01 |
2022-11-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution. |
|
34 |
CVE-2022-42775 |
667 |
|
DoS Mem. Corr. |
2022-12-06 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. |
|
35 |
CVE-2022-42754 |
416 |
|
DoS Mem. Corr. |
2022-12-06 |
2022-12-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. |
|
36 |
CVE-2022-42519 |
787 |
|
Exec Code Mem. Corr. |
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242540694References: N/A |
|
37 |
CVE-2022-42377 |
|
|
Exec Code Mem. Corr. |
2023-01-26 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18630. |
|
38 |
CVE-2022-42309 |
763 |
|
Mem. Corr. |
2022-11-01 |
2022-11-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain. |
|
39 |
CVE-2022-41992 |
787 |
|
Mem. Corr. |
2022-12-16 |
2022-12-22 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability. |
|
40 |
CVE-2022-41837 |
787 |
|
Mem. Corr. |
2022-12-22 |
2022-12-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. |
|
41 |
CVE-2022-41745 |
125 |
|
Exec Code Mem. Corr. |
2022-10-10 |
2022-10-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
42 |
CVE-2022-41686 |
125 |
|
Mem. Corr. |
2022-10-14 |
2022-10-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption. |
|
43 |
CVE-2022-41639 |
122 |
|
Exec Code Overflow Mem. Corr. |
2022-12-22 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. |
|
44 |
CVE-2022-41310 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
45 |
CVE-2022-41309 |
787 |
|
Exec Code Mem. Corr. |
2022-10-21 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
46 |
CVE-2022-41308 |
787 |
|
Exec Code Mem. Corr. |
2022-10-14 |
2022-10-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
47 |
CVE-2022-41307 |
787 |
|
Exec Code Mem. Corr. |
2022-10-14 |
2022-10-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
48 |
CVE-2022-41306 |
787 |
|
Exec Code Mem. Corr. |
2022-10-14 |
2022-10-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
49 |
CVE-2022-41305 |
787 |
|
Exec Code Mem. Corr. |
2022-10-14 |
2022-10-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
|
50 |
CVE-2022-41301 |
787 |
|
Exec Code Mem. Corr. |
2022-10-03 |
2022-12-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
