Total
10026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30232 | 1 Schneider-electric | 2 Powerlogic Ion Setup, Powerlogic Ion Setup Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||||
| CVE-2022-1727 | 1 Diagrams | 1 Draw.io | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. | |||||
| CVE-2022-28224 | 1 Tigera | 2 Calico Enterprise, Calico Os | 2024-02-04 | 5.5 MEDIUM | 5.5 MEDIUM |
| Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod. | |||||
| CVE-2022-24417 | 1 Dell | 56 Dell G5 5505, Dell G5 5505 Firmware, Inspiron 22-3275 and 53 more | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
| CVE-2022-26106 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-26864 | 1 Dell | 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. | |||||
| CVE-2021-27420 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels. | |||||
| CVE-2021-26626 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-02-04 | 5.1 MEDIUM | 8.8 HIGH |
| Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code. | |||||
| CVE-2022-20134 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397 | |||||
| CVE-2021-35111 | 1 Qualcomm | 75 Ar8035, Ar8035 Firmware, Qca6390 and 72 more | 2024-02-04 | 7.1 HIGH | 5.9 MEDIUM |
| Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile | |||||
| CVE-2022-25271 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. | |||||
| CVE-2021-30338 | 1 Qualcomm | 4 Sd850, Sd850 Firmware, Sdxr1 and 1 more | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute | |||||
| CVE-2021-39778 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-196406138 | |||||
| CVE-2022-28328 | 1 Siemens | 8 Scalance W1788-1 M12, Scalance W1788-1 M12 Firmware, Scalance W1788-2 Eec M12 and 5 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition. | |||||
| CVE-2022-29872 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. | |||||
| CVE-2022-30720 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2021-44366 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-33098 | 1 Intel | 4 Ethernet 500 Series Controllers Driver, Ethernet Connection X540, Ethernet Connection X550 and 1 more | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-25510 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. | |||||
| CVE-2020-12946 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-02-04 | 6.6 MEDIUM | 7.1 HIGH |
| Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. | |||||