Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20178 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224932775References: N/A | |||||
| CVE-2022-20177 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A | |||||
| CVE-2022-20175 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A | |||||
| CVE-2022-20174 | 1 Google | 1 Android | 2022-06-24 | 2.1 LOW | 4.4 MEDIUM |
| In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210847407References: N/A | |||||
| CVE-2022-20173 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A | |||||
| CVE-2022-20171 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A | |||||
| CVE-2022-20170 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A | |||||
| CVE-2022-20169 | 1 Google | 1 Android | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A | |||||
| CVE-2022-20168 | 1 Google | 1 Android | 2022-06-24 | 7.8 HIGH | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A | |||||
| CVE-2022-20167 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A | |||||
| CVE-2022-20142 | 1 Google | 1 Android | 2022-06-24 | 7.2 HIGH | 7.8 HIGH |
| In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962 | |||||
| CVE-2022-20140 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-227618988 | |||||
| CVE-2022-20166 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel | |||||
| CVE-2022-20165 | 1 Google | 1 Android | 2022-06-24 | 4.9 MEDIUM | 4.4 MEDIUM |
| In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220868345References: N/A | |||||
| CVE-2022-20162 | 1 Google | 1 Android | 2022-06-24 | 4.9 MEDIUM | 4.4 MEDIUM |
| In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223492713References: N/A | |||||
| CVE-2022-20154 | 1 Google | 1 Android | 2022-06-24 | 4.4 MEDIUM | 6.4 MEDIUM |
| In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel | |||||
| CVE-2022-27220 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | |||||
| CVE-2021-42732 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Access of Memory Location After End of Buffer (CWE-788) | |||||
| CVE-2022-32151 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | |||||
| CVE-2022-1342 | 1 Devolutions | 1 Remote Desktop Manager | 2022-06-24 | 2.1 LOW | 4.6 MEDIUM |
| A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. | |||||
| CVE-2022-32152 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-24 | 6.5 MEDIUM | 7.2 HIGH |
| Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | |||||
| CVE-2022-32154 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-24 | 4.0 MEDIUM | 8.1 HIGH |
| Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will. | |||||
| CVE-2022-32153 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-24 | 6.8 MEDIUM | 8.1 HIGH |
| Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | |||||
| CVE-2022-32156 | 1 Splunk | 2 Splunk, Universal Forwarder | 2022-06-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, connections from misconfigured nodes without valid certificates did not fail by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI) to enable the remediation. | |||||
| CVE-2022-32155 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services. | |||||
| CVE-2022-32157 | 1 Splunk | 1 Splunk | 2022-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation. | |||||
| CVE-2021-40727 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-24 | 9.3 HIGH | 7.8 HIGH |
| Access of Memory Location After End of Buffer (CWE-788 | |||||
| CVE-2021-30340 | 1 Qualcomm | 106 Ar8035, Ar8035 Firmware, Qca6390 and 103 more | 2022-06-24 | 7.8 HIGH | 7.5 HIGH |
| Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-20164 | 1 Google | 1 Android | 2022-06-23 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A | |||||
| CVE-2022-20160 | 1 Google | 1 Android | 2022-06-23 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A | |||||
| CVE-2022-20159 | 1 Google | 1 Android | 2022-06-23 | 4.9 MEDIUM | 4.4 MEDIUM |
| In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210971465References: N/A | |||||
| CVE-2022-20152 | 1 Google | 1 Android | 2022-06-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006198References: N/A | |||||
| CVE-2021-30342 | 1 Qualcomm | 190 Apq8009w, Apq8009w Firmware, Apq8017 and 187 more | 2022-06-23 | 7.1 HIGH | 5.9 MEDIUM |
| Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2022-20151 | 1 Google | 1 Android | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A | |||||
| CVE-2021-30343 | 1 Qualcomm | 128 Ar8035, Ar8035 Firmware, Qca6390 and 125 more | 2022-06-23 | 7.1 HIGH | 5.9 MEDIUM |
| Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-30334 | 1 Qualcomm | 262 Apq8009w, Apq8009w Firmware, Aqt1000 and 259 more | 2022-06-23 | 7.2 HIGH | 7.8 HIGH |
| Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2022-31066 | 1 Edgexfoundry | 1 Edgex Foundry | 2022-06-23 | 3.6 LOW | 4.4 MEDIUM |
| EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message bus credentials when running in security-enabled mode. (No credentials are required when running in security-disabled mode.) As a result, attackers could intercept data or inject fake data into the EdgeX message bus. Users should upgrade to EdgeXFoundry Kamakura release (2.2.0) or to the June 2022 EdgeXFoundry LTS Jakarta release (2.1.1) to receive a patch. More information about which go modules, docker containers, and snaps contain patches is available in the GitHub Security Advisory. There are currently no known workarounds for this issue. | |||||
| CVE-2022-20149 | 1 Google | 1 Android | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A | |||||
| CVE-2022-20148 | 1 Google | 1 Android | 2022-06-23 | 6.9 MEDIUM | 6.4 MEDIUM |
| In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219513976References: Upstream kernel | |||||
| CVE-2022-20147 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 7.8 HIGH |
| In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105 | |||||
| CVE-2021-35118 | 1 Qualcomm | 200 Apq8053, Apq8053 Firmware, Aqt1000 and 197 more | 2022-06-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2022-30903 | 1 Nokia | 2 G-2425g-a, G-2425g-a Firmware | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | |||||
| CVE-2022-20146 | 1 Google | 1 Android | 2022-06-23 | 2.1 LOW | 5.5 MEDIUM |
| In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211757677References: N/A | |||||
| CVE-2021-35119 | 1 Qualcomm | 166 Aqt1000, Aqt1000 Firmware, Ar8035 and 163 more | 2022-06-23 | 2.1 LOW | 5.5 MEDIUM |
| Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-20141 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 7.8 HIGH |
| In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel | |||||
| CVE-2022-2087 | 1 Bank Management System Project | 1 Bank Management System | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-35121 | 1 Qualcomm | 88 Apq8053, Apq8053 Firmware, Msm8953 and 85 more | 2022-06-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-27219 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | |||||
| CVE-2022-2086 | 1 Bank Management System Project | 1 Bank Management System | 2022-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep(10),3,4,5 --+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-31047 | 1 Typo3 | 1 Typo3 | 2022-06-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. | |||||