Total
381 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3560 | 4 Canonical, Debian, Polkit Project and 1 more | 10 Ubuntu Linux, Debian Linux, Polkit and 7 more | 2024-08-03 | 7.8 High |
| It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-0408 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489195; Issue ID: ALPS05489220. | ||||
| CVE-2021-0339 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687 | ||||
| CVE-2021-0002 | 2 Fedoraproject, Intel | 3 Fedora, Ethernet Controller E810, Ethernet Controller E810 Firmware | 2024-08-03 | 7.1 High |
| Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access. | ||||
| CVE-2022-45854 | 1 Zyxel | 12 Nwa110ax, Nwa110ax Firmware, Nwa210ax and 9 more | 2024-08-03 | 4.3 Medium |
| An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker. | ||||
| CVE-2022-45788 | 1 Schneider-electric | 108 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 105 more | 2024-08-03 | 7.5 High |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions) | ||||
| CVE-2022-43393 | 1 Zyxel | 90 Gs1350-12hp, Gs1350-12hp Firmware, Gs1350-18hp and 87 more | 2024-08-03 | 8.2 High |
| An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device. | ||||
| CVE-2022-41587 | 1 Huawei | 1 Emui | 2024-08-03 | 5.3 Medium |
| Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. | ||||
| CVE-2022-39288 | 1 Fastify | 1 Fastify | 2024-08-03 | 7.5 High |
| fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers. | ||||
| CVE-2022-38233 | 1 Xpdf Project | 1 Xpdf | 2024-08-03 | 5.5 Medium |
| XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc. | ||||
| CVE-2022-38235 | 1 Xpdf Project | 1 Xpdf | 2024-08-03 | 5.5 Medium |
| XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | ||||
| CVE-2022-38234 | 1 Xpdf Project | 1 Xpdf | 2024-08-03 | 5.5 Medium |
| XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc. | ||||
| CVE-2022-38152 | 1 Wolfssl | 1 Wolfssl | 2024-08-03 | 7.5 High |
| An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. | ||||
| CVE-2022-37392 | 1 Apache | 1 Traffic Server | 2024-08-03 | 5.3 Medium |
| Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | ||||
| CVE-2022-36794 | 1 Intel | 1 Server Platform Services | 2024-08-03 | 6 Medium |
| Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-36140 | 1 Swfmill | 1 Swfmill | 2024-08-03 | 5.5 Medium |
| SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*). | ||||
| CVE-2022-36145 | 1 Swfmill | 1 Swfmill | 2024-08-03 | 5.5 Medium |
| SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord(). | ||||
| CVE-2022-36141 | 1 Swfmill | 1 Swfmill | 2024-08-03 | 5.5 Medium |
| SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*). | ||||
| CVE-2022-36046 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2024-08-03 | 5.3 Medium |
| Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests. | ||||
| CVE-2022-35473 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. | ||||