Total
10026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0159 | 1 Intel | 258 Xeon Bronze 3204, Xeon Bronze 3204 Firmware, Xeon Bronze 3206r and 255 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
| CVE-2021-3422 | 1 Splunk | 1 Splunk | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. | |||||
| CVE-2022-25751 | 1 Siemens | 48 Scalance X302-7eec, Scalance X302-7eec Firmware, Scalance X304-2fe and 45 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices. | |||||
| CVE-2022-27828 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2021-0066 | 2 Intel, Microsoft | 45 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 42 more | 2024-02-04 | 4.6 MEDIUM | 8.4 HIGH |
| Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0165 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2022-25162 | 2 Mitsubhishielectric, Mitsubishielectric | 194 Melsec Iq-fx5u-32mr\/ds, Melsec Iq-fx5u-32mr\/ds Firmware, Melsec Iq-fx5u-32mr\/dss and 191 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product's communication by sending specially crafted packets. | |||||
| CVE-2021-0173 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2022-26107 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-26617 | 2 Firstmall, Microsoft | 2 Firstmall, Windows | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function. | |||||
| CVE-2021-39771 | 1 Google | 1 Android | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951 | |||||
| CVE-2022-29479 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-28329 | 1 Siemens | 8 Scalance W1788-1 M12, Scalance W1788-1 M12 Firmware, Scalance W1788-2 Eec M12 and 5 more | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed TCP packets received over the RemoteCapture feature. This could allow an attacker to lead to a denial of service condition which only affects the port used by the RemoteCapture feature. | |||||
| CVE-2021-44040 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1. | |||||
| CVE-2021-0161 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33316 | 1 Trendnet | 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. | |||||
| CVE-2022-1431 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption. | |||||
| CVE-2021-44454 | 1 Intel | 1 Quartus Prime | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0126 | 1 Intel | 1 Manageability Commander | 2024-02-04 | 5.2 MEDIUM | 8.0 HIGH |
| Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2022-26780 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||