Total
9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3661 | 1 Google | 1 Chrome | 2024-02-28 | N/A | 4.3 MEDIUM |
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. (Chromium security severity: Low) | |||||
CVE-2022-27803 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. | |||||
CVE-2022-31121 | 1 Hyperledger | 1 Fabric | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue. | |||||
CVE-2022-23403 | 1 Intel | 1 Data Center Manager | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2022-32487 | 1 Dell | 580 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 577 more | 2024-02-28 | N/A | 7.8 HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2022-22658 | 1 Apple | 1 Iphone Os | 2024-02-28 | N/A | 6.5 MEDIUM |
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. | |||||
CVE-2022-22525 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2024-02-28 | N/A | 7.2 HIGH |
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function | |||||
CVE-2022-44556 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2022-1500 | 1 Google | 1 Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
CVE-2022-31321 | 1 Boltcms | 1 Bolt | 2024-02-28 | N/A | 9.1 CRITICAL |
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. | |||||
CVE-2020-6998 | 1 Rockwellautomation | 18 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compact Guardlogix 5370 and 15 more | 2024-02-28 | N/A | 8.6 HIGH |
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products. | |||||
CVE-2022-20841 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2024-02-28 | N/A | 9.0 CRITICAL |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-29492 | 1 Hitachienergy | 2 Microscada X Sys600, Sys600 | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* | |||||
CVE-2022-35896 | 1 Insyde | 1 Insydeh2o | 2024-02-28 | N/A | 6.0 MEDIUM |
An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure. | |||||
CVE-2021-40648 | 1 Man2html Project | 1 Man2html | 2024-02-28 | N/A | 5.5 MEDIUM |
In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory. | |||||
CVE-2022-22247 | 1 Juniper | 1 Junos Os Evolved | 2024-02-28 | N/A | 7.5 HIGH |
An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this TCP segment could create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO. | |||||
CVE-2022-27255 | 1 Realtek | 4 Ecos Msdk, Ecos Msdk Firmware, Ecos Rsdk and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data. | |||||
CVE-2022-36450 | 1 Obsidian | 1 Obsidian | 2024-02-28 | N/A | 9.8 CRITICAL |
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. | |||||
CVE-2022-41813 | 1 F5 | 2 Big-ip Advanced Firewall Manager, Big-ip Policy Enforcement Manager | 2024-02-28 | N/A | 6.5 MEDIUM |
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate. | |||||
CVE-2022-39266 | 1 Isolated-vm Project | 1 Isolated-vm | 2024-02-28 | N/A | 9.8 CRITICAL |
isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept `cachedData` payloads from a user. |