Total
9854 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24280 | 1 Apache | 1 Pulsar | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier. | |||||
| CVE-2022-24098 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file. | |||||
| CVE-2022-24093 | 1 Adobe | 2 Commerce, Magento Open Source | 2024-11-21 | N/A | 9.1 CRITICAL |
| Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. | |||||
| CVE-2022-24086 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. | |||||
| CVE-2022-24037 | 1 Karmasis | 1 Infraskope Siem\+ | 2024-11-21 | N/A | 8.2 HIGH |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | |||||
| CVE-2022-23992 | 1 Broadcom | 1 Xcom Data Transport | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges. | |||||
| CVE-2022-23820 | 1 Amd | 208 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 205 more | 2024-11-21 | N/A | 7.5 HIGH |
| Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. | |||||
| CVE-2022-23818 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | N/A | 7.5 HIGH |
| Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. | |||||
| CVE-2022-23814 | 1 Amd | 2 Milanpi-sp3, Milanpi-sp3 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. | |||||
| CVE-2022-23766 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website. | |||||
| CVE-2022-23624 | 1 Frourio | 1 Frourio-express | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | |||||
| CVE-2022-23623 | 1 Frourio | 1 Frourio | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | |||||
| CVE-2022-23425 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | |||||
| CVE-2022-23403 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-23019 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 7.1 HIGH | 7.5 HIGH |
| On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-23014 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-22820 | 1 Linecorp | 1 Line | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4. | |||||
| CVE-2022-22727 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) | |||||
| CVE-2022-22726 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) | |||||
| CVE-2022-22658 | 1 Apple | 1 Iphone Os | 2024-11-21 | N/A | 6.5 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. | |||||