Total
9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21588 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-02-28 | N/A | 7.8 HIGH |
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-33964 | 1 Intel | 1 System Usage Report | 2024-02-28 | N/A | 9.8 CRITICAL |
Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2022-32652 | 2 Google, Mediatek | 6 Android, Mt6833, Mt6853 and 3 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262617; Issue ID: ALPS07262617. | |||||
CVE-2022-31808 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
CVE-2023-20641 | 2 Google, Mediatek | 7 Android, Mt6879, Mt6895 and 4 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629574; Issue ID: ALPS07629574. | |||||
CVE-2020-36564 | 1 Nosurf Project | 1 Nosurf | 2024-02-28 | N/A | 7.5 HIGH |
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid. | |||||
CVE-2023-24493 | 1 Tenable | 1 Tenable.sc | 2024-02-28 | N/A | 5.7 MEDIUM |
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host. | |||||
CVE-2022-20470 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234013191 | |||||
CVE-2022-38900 | 1 Decode-uri-component Project | 1 Decode-uri-component | 2024-02-28 | N/A | 7.5 HIGH |
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. | |||||
CVE-2022-43723 | 1 Siemens | 1 Sicam Pas\/pqs | 2024-02-28 | N/A | 7.5 HIGH |
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | |||||
CVE-2023-20643 | 2 Google, Mediatek | 26 Android, Mt6739, Mt6761 and 23 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584. | |||||
CVE-2023-21596 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-02-28 | N/A | 7.8 HIGH |
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-0139 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-02-28 | N/A | 6.5 MEDIUM |
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2022-4428 | 1 Cloudflare | 1 Warp | 2024-02-28 | N/A | 8.0 HIGH |
support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients). | |||||
CVE-2022-46701 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges. | |||||
CVE-2022-43875 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. | |||||
CVE-2022-4504 | 1 Open-emr | 1 Openemr | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2. | |||||
CVE-2022-40266 | 1 Mitsubishielectric | 6 Got2000 Gt23, Got2000 Gt23 Firmware, Got2000 Gt25 and 3 more | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command. | |||||
CVE-2022-43455 | 1 Sewio | 1 Real-time Location System Studio | 2024-02-28 | N/A | 6.5 MEDIUM |
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server. | |||||
CVE-2023-20020 | 1 Cisco | 2 Broadworks Application Delivery Platform Device Management, Broadworks Xtended Services Platform | 2024-02-28 | N/A | 8.6 HIGH |
A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition. |