Total
10026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26863 | 1 Dell | 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. | |||||
| CVE-2022-24086 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. | |||||
| CVE-2022-30330 | 1 Keepkey | 2 Keepkey, Keepkey Firmware | 2024-02-04 | 6.9 MEDIUM | 6.6 MEDIUM |
| In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes. | |||||
| CVE-2022-27826 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-28190 | 1 Nvidia | 1 Gpu Display Driver | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service. | |||||
| CVE-2021-26624 | 1 Escanav | 1 Escan Anti-virus | 2024-02-04 | 10.0 HIGH | 8.8 HIGH |
| An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. | |||||
| CVE-2022-29191 | 1 Google | 1 Tensorflow | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2021-44355 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-27827 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2021-44483 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. | |||||
| CVE-2021-4219 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. | |||||
| CVE-2022-24881 | 1 Ballcat | 1 Codegen | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2. | |||||
| CVE-2021-33025 | 1 Xarrow | 1 Xarrow | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges. | |||||
| CVE-2021-39701 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-212286849 | |||||
| CVE-2022-20715 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-02-04 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition. | |||||
| CVE-2022-28783 | 1 Google | 1 Android | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
| Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. | |||||
| CVE-2022-32238 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-30709 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2022-24418 | 1 Dell | 56 Dell G5 5505, Dell G5 5505 Firmware, Inspiron 22-3275 and 53 more | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
| CVE-2021-4212 | 1 Lenovo | 124 C340-14iml, C340-14iml Firmware, C340-15iml and 121 more | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||