Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-33228 1 Qualcomm 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more 2024-11-21 8.2 High
Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.
CVE-2022-33227 1 Qualcomm 142 Aqt1000, Aqt1000 Firmware, Csrb31024 and 139 more 2024-11-21 6.7 Medium
Memory corruption in Linux android due to double free while calling unregister provider after register call.
CVE-2022-33226 1 Qualcomm 66 Aqt1000, Aqt1000 Firmware, Qam8255p and 63 more 2024-11-21 6.7 Medium
Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.
CVE-2022-33225 1 Qualcomm 58 Apq8096au, Apq8096au Firmware, Mdm9628 and 55 more 2024-11-21 6.7 Medium
Memory corruption due to use after free in trusted application environment.
CVE-2022-33224 1 Qualcomm 92 Aqt1000, Aqt1000 Firmware, Qam8255p and 89 more 2024-11-21 6.7 Medium
Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.
CVE-2022-33223 1 Qualcomm 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more 2024-11-21 7.5 High
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.
CVE-2022-33222 1 Qualcomm 26 Mdm8207, Mdm8207 Firmware, Mdm9205 and 23 more 2024-11-21 8.2 High
Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
CVE-2022-33221 1 Qualcomm 28 Sd 8 Gen1 5g Firmware, Sm8475, Ssg2115p and 25 more 2024-11-21 6.8 Medium
Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests.
CVE-2022-33220 1 Qualcomm 90 Aqt1000, Aqt1000 Firmware, Qam8295p and 87 more 2024-11-21 5.1 Medium
Information disclosure in Automotive multimedia due to buffer over-read.
CVE-2022-33216 1 Qualcomm 36 Qam8295p, Qam8295p Firmware, Qca6574a and 33 more 2024-11-21 6 Medium
Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file.
CVE-2022-33213 1 Qualcomm 418 Apq8009, Apq8009 Firmware, Apq8009w and 415 more 2024-11-21 7.5 High
Memory corruption in modem due to buffer overflow while processing a PPP packet
CVE-2022-33211 1 Qualcomm 24 Mdm8207, Mdm8207 Firmware, Mdm9205 and 21 more 2024-11-21 9.8 Critical
memory corruption in modem due to improper check while calculating size of serialized CoAP message
CVE-2022-33208 1 Omron 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more 2024-11-21 8.1 High
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.
CVE-2022-33203 1 F5 2 Big-ip Access Policy Manager, Big-ip Ssl Orchestrator 2024-11-21 7.5 High
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-33202 1 Softcreate 1 L2blocker 2024-11-21 8.1 High
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor.
CVE-2022-33175 1 Powertekpdus 14 Basic Pdu, Basic Pdu Firmware, Piml Pdu and 11 more 2024-11-21 9.8 Critical
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.
CVE-2022-33174 1 Powertekpdus 14 Basic Pdu, Basic Pdu Firmware, Piml Pdu and 11 more 2024-11-21 9.8 Critical
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
CVE-2022-33173 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead.
CVE-2022-33172 1 Bund 1 De.fac2 2024-11-21 5.5 Medium
de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.
CVE-2022-33171 1 Typeorm 1 Typeorm 2024-11-21 9.8 Critical
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation