Total: 9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-41336 | 1 Symfony | 1 Ux Autocomplete | 2024-02-28 | N/A | 6.5 MEDIUM |
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2. | |||||
CVE-2023-30712 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity. | |||||
CVE-2023-21391 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.5 HIGH |
In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-39265 | 1 Apache | 1 Superset | 2024-02-28 | N/A | 6.5 MEDIUM |
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0. | |||||
CVE-2023-39456 | 2 Apache, Fedoraproject | 2 Traffic Server, Fedora | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue. | |||||
CVE-2023-21284 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40801 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn | |||||
CVE-2023-45648 | 2 Apache, Debian | 2 Tomcat, Debian Linux | 2024-02-28 | N/A | 5.3 MEDIUM |
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. | |||||
CVE-2023-20118 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2024-02-28 | N/A | 7.2 HIGH |
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not and will not release software updates that address this vulnerability. | |||||
CVE-2022-29606 | 1 Opennetworking | 1 Onos | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network. | |||||
CVE-2023-30663 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. | |||||
CVE-2022-42500 | 1 Google | 1 Android | 2024-02-28 | N/A | 6.7 MEDIUM |
In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239701389. References: N/A | |||||
CVE-2023-20707 | 2 Google, Mediatek | 43 Android, Mt6735, Mt6737 and 40 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556. | |||||
CVE-2023-30657 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | |||||
CVE-2022-47502 | 1 Apache | 1 Openoffice | 2024-02-28 | N/A | 7.8 HIGH |
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. | |||||
CVE-2023-31161 | 1 Selinc | 10 Sel-3350, Sel-3350 Firmware, Sel-3532 and 7 more | 2024-02-28 | N/A | 8.8 HIGH |
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details. | |||||
CVE-2023-20718 | 3 Google, Mediatek, Yoctoproject | 31 Android, Mt6768, Mt6769 and 28 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181. | |||||
CVE-2021-46756 | 1 Amd | 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more | 2024-02-28 | N/A | 9.1 CRITICAL |
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. | |||||
CVE-2023-27984 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-02-28 | N/A | 8.8 HIGH |
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | |||||
CVE-2023-31047 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-02-28 | N/A | 9.8 CRITICAL |
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. |