Total
9762 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39060 | 1 Changingtec | 1 Megaservisignadapter | 2024-02-28 | N/A | 9.8 CRITICAL |
| ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service. | |||||
| CVE-2023-20025 | 1 Cisco | 8 Rv016, Rv016 Firmware, Rv042 and 5 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device. | |||||
| CVE-2022-34393 | 1 Dell | 52 G5 Se 5505, G5 Se 5505 Firmware, Inspiron 27 7775 and 49 more | 2024-02-28 | N/A | 7.5 HIGH |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
| CVE-2022-42534 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A | |||||
| CVE-2023-21439 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-46768 | 1 Zabbix | 2 Web Service Report Generation, Zabbix-agent2 | 2024-02-28 | N/A | 5.9 MEDIUM |
| Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files. | |||||
| CVE-2023-21607 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-27892 | 1 Palantir | 1 Gotham | 2024-02-28 | N/A | 7.5 HIGH |
| Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | |||||
| CVE-2023-22452 | 1 Kenny2automate Project | 1 Kenny2automate | 2024-02-28 | N/A | 6.5 MEDIUM |
| kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured. Thus anyone who has access to the channel ID they wish to change settings for and the server settings panel for any server could change settings for the requested channel no matter which server it belonged to. Commit a947d7c resolves the issue and has been deployed to the official instance of the bot. The only workaround that exists is to disable the web config entirely by changing it to run on localhost. Note that a workaround is only necessary for those who run their own instance of the bot. | |||||
| CVE-2023-20651 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2024-02-28 | N/A | 4.4 MEDIUM |
| In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576. | |||||
| CVE-2022-20512 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879 | |||||
| CVE-2022-20507 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179 | |||||
| CVE-2022-34460 | 1 Dell | 52 G5 Se 5505, G5 Se 5505 Firmware, Inspiron 27 7775 and 49 more | 2024-02-28 | N/A | 7.8 HIGH |
| Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
| CVE-2023-24571 | 1 Dell | 2 Embedded Box Pc 3000, Embedded Box Pc 3000 Firmware | 2024-02-28 | N/A | 6.7 MEDIUM |
| Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution. | |||||
| CVE-2022-43484 | 1 Nttdata | 2 Terasoluna Global Framework, Terasoluna Server Framework For Java \(rich\) | 2024-02-28 | N/A | 7.8 HIGH |
| TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application. | |||||
| CVE-2023-26281 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Http Server and 4 more | 2024-02-28 | N/A | 7.5 HIGH |
| IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. | |||||
| CVE-2023-21453 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
| Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data. | |||||
| CVE-2022-20592 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
| In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A | |||||
| CVE-2023-25691 | 1 Apache | 1 Apache-airflow-providers-google | 2024-02-28 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | |||||
| CVE-2022-41908 | 1 Google | 1 Tensorflow | 2024-02-28 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||