Total: 9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42269 | 1 Nvidia | 14 Jetson Agx Xavier, Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb and 11 more | 2024-02-28 | N/A | 7.9 HIGH |
NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components. | |||||
CVE-2023-20026 | 1 Cisco | 8 Rv016, Rv016 Firmware, Rv042 and 5 more | 2024-02-28 | N/A | 7.2 HIGH |
A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. | |||||
CVE-2023-20638 | 2 Google, Mediatek | 38 Android, Mt6739, Mt6753 and 35 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537. | |||||
CVE-2023-20640 | 2 Google, Mediatek | 7 Android, Mt6879, Mt6895 and 4 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573. | |||||
CVE-2022-39346 | 2 Fedoraproject, Nextcloud | 3 Fedora, Nextcloud Enterprise Server, Nextcloud Server | 2024-02-28 | N/A | 6.5 MEDIUM |
Nextcloud server is an open source personal cloud server. Affected versions of Nextcloud server did not properly limit user display names, which could allow malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. | |||||
CVE-2022-32482 | 1 Dell | 378 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 375 more | 2024-02-28 | N/A | 5.1 MEDIUM |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | |||||
CVE-2022-38123 | 1 Secomea | 1 Gatemanager | 2024-02-28 | N/A | 7.2 HIGH |
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0. | |||||
CVE-2023-21428 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. | |||||
CVE-2022-46372 | 1 Alotceriot | 2 Ar7088h-a, Ar7088h-a Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Alotcer AR7088H-A firmware version 16.10.3: command execution. Improper validation of an unspecified input field may allow authenticated command execution. | |||||
CVE-2023-20649 | 2 Google, Mediatek | 37 Android, Mt6761, Mt6762 and 34 more | 2024-02-28 | N/A | 4.4 MEDIUM |
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607. | |||||
CVE-2022-32653 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262518; Issue ID: ALPS07262518. | |||||
CVE-2023-0299 | 1 Publify Project | 1 Publify | 2024-02-28 | N/A | 9.8 CRITICAL |
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. | |||||
CVE-2023-20528 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2024-02-28 | N/A | 2.4 LOW |
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | |||||
CVE-2022-24439 | 3 Debian, Fedoraproject, Gitpython Project | 3 Debian Linux, Fedora, Gitpython | 2024-02-28 | N/A | 9.8 CRITICAL |
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | |||||
CVE-2022-45113 | 1 Sixapart | 1 Movable Type | 2024-02-28 | N/A | 6.5 MEDIUM |
An improper validation of syntactic correctness of input vulnerability exists in the Movable Type series. Having a user access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. | |||||
CVE-2022-20584 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-238366009. References: N/A | |||||
CVE-2022-45088 | 1 Gruparge | 1 Smartpower Web | 2024-02-28 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion. This issue affects Smartpower Web: before 23.01.01. | |||||
CVE-2023-24975 | 1 Ibm | 1 Spectrum Symphony | 2024-02-28 | N/A | 6.1 MEDIUM |
IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030. | |||||
CVE-2023-25692 | 1 Apache | 1 Apache-airflow-providers-google | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | |||||
CVE-2022-23814 | 1 Amd | 2 Milanpi-sp3, Milanpi-sp3 Firmware | 2024-02-28 | N/A | 5.3 MEDIUM |
Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. |