Total
381 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35469 | 1 Otfcc Project | 1 Otfcc | 2024-08-03 | 6.5 Medium |
| OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384. | ||||
| CVE-2022-35173 | 1 Nginx | 1 Njs | 2024-08-03 | 7.5 High |
| An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. | ||||
| CVE-2022-32749 | 1 Apache | 1 Traffic Server | 2024-08-03 | 7.5 High |
| Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. | ||||
| CVE-2022-32590 | 3 Google, Linuxfoundation, Mediatek | 47 Android, Yocto, Mt6761 and 44 more | 2024-08-03 | 6.7 Medium |
| In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. | ||||
| CVE-2022-31093 | 1 Nextauth.js | 1 Next-auth | 2024-08-03 | 7.5 High |
| NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more. | ||||
| CVE-2022-31103 | 1 Lettersanitizer Project | 1 Lettersanitizer | 2024-08-03 | 7.5 High |
| lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. | ||||
| CVE-2022-30738 | 1 Samsung | 1 Internet | 2024-08-03 | 4.3 Medium |
| Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | ||||
| CVE-2022-30692 | 1 Intel | 1 System Usage Report | 2024-08-03 | 5.9 Medium |
| Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2022-29523 | 1 Open Cas Project | 1 Open Cas | 2024-08-03 | 3.3 Low |
| Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-29369 | 1 F5 | 1 Njs | 2024-08-03 | 7.5 High |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. | ||||
| CVE-2022-29278 | 1 Insyde | 1 Kernel | 2024-08-03 | 8.2 High |
| Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061 | ||||
| CVE-2022-28793 | 1 Samsung | 2 Galaxy S22, Galaxy S22 Firmware | 2024-08-03 | 4.4 Medium |
| Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time. | ||||
| CVE-2022-26079 | 1 Intel | 2 Xmm 7560, Xmm 7560 Firmware | 2024-08-03 | 6 Medium |
| Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-26078 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2024-08-03 | 7.5 High |
| Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a. | ||||
| CVE-2022-24880 | 1 Flask-session-captcha Project | 1 Flask-session-captcha | 2024-08-03 | 5.3 Medium |
| flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can workaround the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work. | ||||
| CVE-2022-24323 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2024-08-03 | 5.3 Medium |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior) | ||||
| CVE-2022-24321 | 1 Schneider-electric | 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2024-08-03 | 7.5 High |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) | ||||
| CVE-2022-23712 | 1 Elastic | 1 Elasticsearch | 2024-08-03 | 7.5 High |
| A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. | ||||
| CVE-2022-23593 | 1 Google | 1 Tensorflow | 2024-08-03 | 5.9 Medium |
| Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. | ||||
| CVE-2022-23590 | 1 Google | 1 Tensorflow | 2024-08-03 | 5.9 Medium |
| Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. | ||||