Total
9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20587 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A | |||||
CVE-2022-41888 | 1 Google | 1 Tensorflow | 2024-02-28 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
CVE-2021-26316 | 1 Amd | 294 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 291 more | 2024-02-28 | N/A | 7.8 HIGH |
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution. | |||||
CVE-2023-21446 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. | |||||
CVE-2023-20646 | 2 Google, Mediatek | 44 Android, Mt6737, Mt6739 and 41 more | 2024-02-28 | N/A | 4.4 MEDIUM |
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628536; Issue ID: ALPS07628536. | |||||
CVE-2023-22228 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-02-28 | N/A | 7.8 HIGH |
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-20644 | 2 Google, Mediatek | 33 Android, Mt6580, Mt6739 and 30 more | 2024-02-28 | N/A | 4.4 MEDIUM |
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603. | |||||
CVE-2023-20612 | 2 Google, Mediatek | 37 Android, Mt6739, Mt6761 and 34 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571. | |||||
CVE-2022-43929 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-02-28 | N/A | 7.5 HIGH |
IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. | |||||
CVE-2023-20522 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. | |||||
CVE-2022-3388 | 1 Hitachienergy | 2 Microscada Pro Sys600, Microscada X Sys600 | 2024-02-28 | N/A | 7.8 HIGH |
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. | |||||
CVE-2022-40265 | 1 Mitsubishielectric | 12 R04encpu, R04encpu Firmware, R08encpu and 9 more | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. | |||||
CVE-2023-21574 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-02-28 | N/A | 7.8 HIGH |
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-26404 | 1 Amd | 46 Epyc 7003, Epyc 7003 Firmware, Epyc 7313 and 43 more | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. | |||||
CVE-2023-21431 | 1 Samsung | 1 Bixby Vision | 2024-02-28 | N/A | 3.3 LOW |
Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. | |||||
CVE-2023-20648 | 2 Google, Mediatek | 38 Android, Mt6761, Mt6762 and 35 more | 2024-02-28 | N/A | 4.4 MEDIUM |
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628612; Issue ID: ALPS07628612. | |||||
CVE-2022-20589 | 1 Google | 1 Android | 2024-02-28 | N/A | 4.4 MEDIUM |
In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A | |||||
CVE-2023-22734 | 1 Shopware | 1 Shopware | 2024-02-28 | N/A | 7.5 HIGH |
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This problem has been fixed with version 6.4.18.1. Users are advised to upgrade. Users unable to upgrade may find security measures are available via a plugin for major versions 6.1, 6.2, and 6.3. Users may also disable newsletter registration completely. | |||||
CVE-2022-34435 | 1 Dell | 2 Idrac9, Idrac9 Firmware | 2024-02-28 | N/A | 4.9 MEDIUM |
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | |||||
CVE-2023-25693 | 1 Apache | 1 Apache-airflow-providers-apache-sqoop | 2024-02-28 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |