Total
9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28200 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-02-28 | N/A | 5.5 MEDIUM |
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory. | |||||
CVE-2023-32480 | 1 Dell | 62 Alienware M15 R7, Alienware M15 R7 Firmware, G15 5510 and 59 more | 2024-02-28 | N/A | 6.8 MEDIUM |
Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. | |||||
CVE-2021-46769 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2024-02-28 | N/A | 8.8 HIGH |
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. | |||||
CVE-2023-21138 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090 | |||||
CVE-2023-25865 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-02-28 | N/A | 7.8 HIGH |
Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-28029 | 1 Dell | 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more | 2024-02-28 | N/A | 6.7 MEDIUM |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable | |||||
CVE-2023-20710 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2024-02-28 | N/A | 4.4 MEDIUM |
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576935; Issue ID: ALPS07576935. | |||||
CVE-2023-20709 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2024-02-28 | N/A | 4.4 MEDIUM |
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576951; Issue ID: ALPS07576951. | |||||
CVE-2023-26067 | 1 Lexmark | 163 B2236, B2338, B2442 and 160 more | 2024-02-28 | N/A | 8.1 HIGH |
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). | |||||
CVE-2023-20704 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2024-02-28 | N/A | 5.5 MEDIUM |
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826. | |||||
CVE-2022-23818 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-02-28 | N/A | 7.5 HIGH |
Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. | |||||
CVE-2023-25522 | 1 Nvidia | 4 Dgx A100, Dgx A100 Firmware, Dgx A800 and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | |||||
CVE-2023-26273 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-02-28 | N/A | 4.3 MEDIUM |
IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134. | |||||
CVE-2023-28707 | 1 Apache | 1 Apache-airflow-providers-apache-drill | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2. | |||||
CVE-2023-20171 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | N/A | 6.5 MEDIUM |
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-32490 | 1 Dell | 6 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 5000 and 3 more | 2024-02-28 | N/A | 7.8 HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2021-43448 | 1 Onlyoffice | 1 Server | 2024-02-28 | N/A | 5.3 MEDIUM |
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known. | |||||
CVE-2021-37533 | 2 Apache, Debian | 2 Commons Net, Debian Linux | 2024-02-28 | N/A | 6.5 MEDIUM |
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711. | |||||
CVE-2022-44644 | 1 Apache | 1 Linkis | 2024-02-28 | N/A | 6.5 MEDIUM |
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1 | |||||
CVE-2022-39338 | 1 Nextcloud | 1 Openid Connect User Backend | 2024-02-28 | N/A | 5.4 MEDIUM |
user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this vulnerability has only been shown to be exploitable in the Safari web browser. This issue has been addressed in version 1.2.1. Users are advised to upgrade. Users unable to upgrade should urge their users to avoid using the Safari web browser. |