Total
9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35415 | 1 Ni | 1 Configuration Manager | 2024-02-28 | N/A | 7.8 HIGH |
An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-43566 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-02-28 | N/A | 8.0 HIGH |
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards) in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | |||||
CVE-2022-21181 | 1 Intel | 14 Dual Band Wireless-ac 8260, Dual Band Wireless-ac 8260 Firmware, Dual Band Wireless-ac 8265 and 11 more | 2024-02-28 | N/A | 7.8 HIGH |
Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-20945 | 1 Cisco | 8 Catalyst 9800-40, Catalyst 9800-40 Firmware, Catalyst 9800-80 and 5 more | 2024-02-28 | N/A | 6.5 MEDIUM |
A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. | |||||
CVE-2022-36448 | 1 Insyde | 1 Insydeh2o | 2024-02-28 | N/A | 8.2 HIGH |
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver. | |||||
CVE-2022-21197 | 1 Intel | 18 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6 Ax200 and 15 more | 2024-02-28 | N/A | 7.5 HIGH |
Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2022-28129 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
CVE-2022-41214 | 1 Sap | 1 Netweaver Application Server Abap | 2024-02-28 | N/A | 8.7 HIGH |
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application. | |||||
CVE-2022-37010 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | N/A | 3.3 LOW |
In JetBrains IntelliJ IDEA before 2022.2, email address validation in the "Git User Name Is Not Defined" dialog was missed. | |||||
CVE-2021-27774 | 1 Hcltech | 1 Hcl Digital Experience | 2024-02-28 | N/A | 5.4 MEDIUM |
User input included in error response, which could be used in a phishing attack. | |||||
CVE-2022-26707 | 1 Apple | 1 Macos | 2024-02-28 | N/A | 5.5 MEDIUM |
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information. | |||||
CVE-2022-20457 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-243924784 | |||||
CVE-2022-39880 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. | |||||
CVE-2022-25839 | 1 Url-js Project | 1 Url-js | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The package url-js before 2.1.0 is vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is. | |||||
CVE-2022-29897 | 1 Phoenixcontact | 6 Rad-ism-900-en-bd, Rad-ism-900-en-bd-bus, Rad-ism-900-en-bd-bus Firmware and 3 more | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware. | |||||
CVE-2021-0076 | 2 Intel, Microsoft | 45 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 42 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2021-44454 | 1 Intel | 1 Quartus Prime | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-32235 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-26106 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
CVE-2022-32241 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |