Total
9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-20634 | 2 Google, Mediatek | 27 Android, Mt6762, Mt6765 and 24 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07635697; Issue ID: ALPS07635697. | |||||
CVE-2022-29494 | 1 Intel | 58 C621a, C627a, C629a and 55 more | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. | |||||
CVE-2022-34436 | 1 Dell | 2 Idrac8, Idrac8 Firmware | 2024-02-28 | N/A | 4.9 MEDIUM |
Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | |||||
CVE-2023-20637 | 2 Google, Mediatek | 14 Android, Mt6879, Mt6895 and 11 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588. | |||||
CVE-2023-20621 | 2 Google, Mediatek | 13 Android, Mt6739, Mt6761 and 10 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755. | |||||
CVE-2022-20585 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A | |||||
CVE-2022-20590 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A | |||||
CVE-2023-20636 | 2 Google, Mediatek | 5 Android, Mt6895, Mt6985 and 2 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593. | |||||
CVE-2023-22470 | 1 Nextcloud | 1 Deck | 2024-02-28 | N/A | 6.5 MEDIUM |
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2. | |||||
CVE-2023-20626 | 2 Google, Mediatek | 27 Android, Mt6739, Mt6761 and 24 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223. | |||||
CVE-2022-41861 | 1 Freeradius | 1 Freeradius | 2024-02-28 | N/A | 6.5 MEDIUM |
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. | |||||
CVE-2023-20642 | 2 Google, Mediatek | 14 Android, Mt6879, Mt6895 and 11 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586. | |||||
CVE-2023-20613 | 2 Google, Mediatek | 37 Android, Mt6739, Mt6761 and 34 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614. | |||||
CVE-2023-20639 | 2 Google, Mediatek | 14 Android, Mt6879, Mt6895 and 11 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587. | |||||
CVE-2023-21621 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-02-28 | N/A | 7.8 HIGH |
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-45770 | 1 Adguard | 1 Adguard | 2024-02-28 | N/A | 7.8 HIGH |
Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. | |||||
CVE-2022-4033 | 1 Expresstech | 1 Quiz And Survey Master | 2024-02-28 | N/A | 5.3 MEDIUM |
The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc..). This makes it possible attackers to submit values other than the intended input type. | |||||
CVE-2022-41942 | 1 Sourcegraph | 1 Sourcegraph | 2024-02-28 | N/A | 7.8 HIGH |
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0. | |||||
CVE-2021-46767 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2024-02-28 | N/A | 6.1 MEDIUM |
Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service. | |||||
CVE-2023-20932 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 |