Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39676 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-197228210 | |||||
| CVE-2022-29154 | 2 Fedoraproject, Samba | 2 Fedora, Rsync | 2023-08-08 | N/A | 7.4 HIGH |
| An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). | |||||
| CVE-2021-30713 | 1 Apple | 2 Mac Os X, Macos | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2022-35404 | 1 Zohocorp | 4 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 1 more | 2023-08-08 | N/A | 8.2 HIGH |
| ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | |||||
| CVE-2021-41844 | 1 Crocoblock | 1 Jetengine | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. | |||||
| CVE-2022-20129 | 1 Google | 1 Android | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 | |||||
| CVE-2022-20542 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In parseParamsBlob of types.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083570 | |||||
| CVE-2022-29850 | 1 Lexmark | 234 B2236, B2236 Firmware, B2338 and 231 more | 2023-08-08 | N/A | 8.1 HIGH |
| Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. | |||||
| CVE-2022-23992 | 1 Broadcom | 1 Xcom Data Transport | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | |||||
| CVE-2021-35092 | 1 Qualcomm | 166 Apq8053, Apq8053 Firmware, Apq8096au and 163 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2021-45116 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | |||||
| CVE-2021-0928 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 | |||||
| CVE-2022-46701 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-08-08 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges. | |||||
| CVE-2021-0933 | 1 Google | 1 Android | 2023-08-08 | 7.9 HIGH | 8.0 HIGH |
| In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-172251622 | |||||
| CVE-2022-22588 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. | |||||
| CVE-2021-21978 | 1 Vmware | 1 View Planner | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. | |||||
| CVE-2022-40773 | 1 Zohocorp | 2 Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2023-08-08 | N/A | 8.8 HIGH |
| Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. | |||||
| CVE-2021-21126 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | |||||
| CVE-2022-33216 | 1 Qualcomm | 36 Qam8295p, Qam8295p Firmware, Qca6574a and 33 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file. | |||||
| CVE-2022-33876 | 1 Fortinet | 1 Fortiadc | 2023-08-08 | N/A | 6.5 MEDIUM |
| Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. | |||||
| CVE-2021-26373 | 1 Amd | 175 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 172 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | |||||
| CVE-2022-45725 | 1 Comfast | 2 Cf-wr610n, Cf-wr610n Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request | |||||
| CVE-2022-40502 | 1 Qualcomm | 192 Csr8811, Csr8811 Firmware, Ipq5010 and 189 more | 2023-08-08 | N/A | 7.5 HIGH |
| Transient DOS due to improper input validation in WLAN Host. | |||||
| CVE-2022-35893 | 1 Insyde | 1 Insydeh2o | 2023-08-08 | N/A | 8.2 HIGH |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2021-40017 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-08 | N/A | 9.8 CRITICAL |
| The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. | |||||
| CVE-2022-29494 | 1 Intel | 58 C621a, C627a, C629a and 55 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. | |||||
| CVE-2022-34146 | 1 Qualcomm | 194 Csr8811, Csr8811 Firmware, Ipq5010 and 191 more | 2023-08-08 | N/A | 7.5 HIGH |
| Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation. | |||||
| CVE-2022-28692 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. | |||||
| CVE-2022-20507 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179 | |||||
| CVE-2022-20037 | 2 Google, Mediatek | 57 Android, Mt6735, Mt6737 and 54 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705. | |||||
| CVE-2022-20019 | 2 Google, Mediatek | 40 Android, Mt6595, Mt6735 and 37 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620. | |||||
| CVE-2022-29892 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). | |||||
| CVE-2022-35896 | 1 Insyde | 1 Insydeh2o | 2023-08-08 | N/A | 6.0 MEDIUM |
| An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure. | |||||
| CVE-2022-20036 | 2 Google, Mediatek | 56 Android, Mt6735, Mt6737 and 53 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689. | |||||
| CVE-2021-0511 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 | |||||
| CVE-2022-38099 | 1 Intel | 16 Nuc11dbbi7, Nuc11dbbi7 Firmware, Nuc11dbbi9 and 13 more | 2023-08-08 | N/A | 7.8 HIGH |
| Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-20020 | 2 Google, Mediatek | 28 Android, Mt6739, Mt6768 and 25 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906. | |||||
| CVE-2022-24521 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-27421 | 1 Chamilo | 1 Chamilo Lms | 2023-08-08 | 6.5 MEDIUM | 7.2 HIGH |
| Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. | |||||
| CVE-2022-27807 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. | |||||
| CVE-2022-36448 | 1 Insyde | 1 Insydeh2o | 2023-08-08 | N/A | 8.2 HIGH |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver. | |||||
| CVE-2022-20017 | 2 Google, Mediatek | 26 Android, Mt6765, Mt6785 and 23 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991. | |||||
| CVE-2021-26351 | 1 Amd | 98 Ryzen 3 3100, Ryzen 3 3100 Firmware, Ryzen 3 3300g and 95 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. | |||||
| CVE-2021-45687 | 1 Raw-cpuid Project | 1 Raw-cpuid | 2023-08-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic. | |||||
| CVE-2023-32302 | 1 Silverstripe | 1 Framework | 2023-08-07 | N/A | 8.1 HIGH |
| Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13. | |||||
| CVE-2022-43713 | 1 Gxsoftware | 1 Xperiencentral | 2023-08-04 | N/A | 7.5 HIGH |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed. | |||||
| CVE-2021-31198 | 1 Microsoft | 1 Exchange Server | 2023-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2022-43908 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2023-07-28 | N/A | 6.5 MEDIUM |
| IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903. | |||||
| CVE-2023-38495 | 2023-07-28 | N/A | N/A | ||
| Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0. As a workaround, only use images from trusted sources and keep Package editing/creating privileges to administrators only. | |||||
| CVE-2023-27961 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2023-07-27 | N/A | 5.5 MEDIUM |
| Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. | |||||