Total
10026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22433 | 2 Ibm, Microsoft | 3 Robotic Process Automation, Robotic Process Automation As A Service, Windows | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156. | |||||
| CVE-2022-24098 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file. | |||||
| CVE-2022-20156 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212803946References: N/A | |||||
| CVE-2022-24299 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. | |||||
| CVE-2021-26370 | 1 Amd | 98 Epyc 7002, Epyc 7002 Firmware, Epyc 7232p and 95 more | 2024-02-04 | 6.6 MEDIUM | 7.1 HIGH |
| Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability. | |||||
| CVE-2020-25721 | 1 Samba | 1 Samba | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. | |||||
| CVE-2022-29193 | 1 Google | 1 Tensorflow | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2021-35092 | 1 Qualcomm | 166 Apq8053, Apq8053 Firmware, Apq8096au and 163 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2022-0675 | 1 Puppet | 1 Firewall | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. | |||||
| CVE-2021-42786 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not have any input validation of the user's input that allowed a malicious payload to be injected. | |||||
| CVE-2021-26630 | 2 Handysoft, Microsoft | 2 Groupware, Windows | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function. | |||||
| CVE-2022-24926 | 1 Samsung | 1 Smarttagplugin | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices. | |||||
| CVE-2022-20761 | 1 Cisco | 1 Ios | 2024-02-04 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the integrated AP to stop processing traffic, resulting in a DoS condition. It may be necessary to manually reload the CGR1K to restore AP operation. | |||||
| CVE-2022-23992 | 1 Broadcom | 1 Xcom Data Transport | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | |||||
| CVE-2022-22539 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. | |||||
| CVE-2021-4120 | 2 Canonical, Fedoraproject | 3 Snapd, Ubuntu Linux, Fedora | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | |||||
| CVE-2021-0156 | 2 Intel, Netapp | 1358 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1355 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-0176 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-25161 | 2 Mitsubhishielectric, Mitsubishielectric | 194 Melsec Iq-fx5u-32mr\/ds, Melsec Iq-fx5u-32mr\/ds Firmware, Melsec Iq-fx5u-32mr\/dss and 191 more | 2024-02-04 | 7.8 HIGH | 8.6 HIGH |
| Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery. | |||||
| CVE-2021-26631 | 1 Mangboard | 1 Commerce | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order. | |||||