Total: 28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41898 | 1 Google | 1 Tensorflow | 2024-02-28 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
CVE-2022-42285 | 1 Nvidia | 2 Dgx A100, Sbios | 2024-02-28 | N/A | 7.8 HIGH |
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI) phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering. | |||||
CVE-2022-25916 | 1 Mt7688-wiscan Project | 1 Mt7688-wiscan | 2024-02-28 | N/A | 7.8 HIGH |
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. | |||||
CVE-2023-22357 | 1 Omron | 2 Cp1l-el20dr-d, Cp1l-el20dr-d Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution. | |||||
CVE-2022-20474 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240138294 | |||||
CVE-2021-33360 | 1 Stoqey | 1 Gnuplot | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s). | |||||
CVE-2022-38375 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-02-28 | N/A | 9.8 CRITICAL |
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. | |||||
CVE-2022-25855 | 1 Create-choo-app3 Project | 1 Create-choo-app3 | 2024-02-28 | N/A | 7.8 HIGH |
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | |||||
CVE-2023-22578 | 1 Sequelizejs | 1 Sequelize | 2024-02-28 | N/A | 9.8 CRITICAL |
Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections. | |||||
CVE-2022-36416 | 1 Vmware | 1 Ixgben | 2024-02-28 | N/A | 7.8 HIGH |
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-21449 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. | |||||
CVE-2023-24056 | 1 Pkgconf | 1 Pkgconf | 2024-02-28 | N/A | 5.5 MEDIUM |
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | |||||
CVE-2022-43494 | 1 Ge | 1 Proficy Historian | 2024-02-28 | N/A | 6.5 MEDIUM |
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | |||||
CVE-2023-20946 | 1 Google | 1 Android | 2024-02-28 | N/A | 9.8 CRITICAL |
In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-244423101 | |||||
CVE-2022-43535 | 2 Arubanetworks, Microsoft | 2 Clearpass Policy Manager, Windows | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
CVE-2023-21454 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 2.4 LOW |
Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows a physical attacker to access users' text history on the lockscreen. | |||||
CVE-2022-45936 | 1 Siemens | 1 Mendix Email Connector | 2024-02-28 | N/A | 8.1 HIGH |
A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information. | |||||
CVE-2022-33323 | 1 Mitsubishielectric | 102 Rh-12fh55, Rh-12fh55 Firmware, Rh-12fh70 and 99 more | 2024-02-28 | N/A | 7.5 HIGH |
Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section. | |||||
CVE-2023-0348 | 1 Akuvox | 2 E11, E11 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device. | |||||
CVE-2022-20550 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-242845514 |