Total
11827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35896 | 1 Insyde | 1 Insydeh2o | 2024-08-03 | 6.0 Medium |
| An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure. | ||||
| CVE-2022-35893 | 1 Insyde | 1 Insydeh2o | 2024-08-03 | 8.2 High |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | ||||
| CVE-2022-35724 | 1 Apache | 1 Avro | 2024-08-03 | 7.5 High |
| It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | ||||
| CVE-2022-35649 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-03 | 9.8 Critical |
| The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. | ||||
| CVE-2022-35650 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-03 | 7.5 High |
| The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | ||||
| CVE-2022-35415 | 1 Ni | 1 Configuration Manager | 2024-08-03 | 7.8 High |
| An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-35404 | 1 Zohocorp | 4 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 1 more | 2024-08-03 | 8.2 High |
| ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | ||||
| CVE-2022-35171 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 5.5 Medium |
| When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below | ||||
| CVE-2022-35252 | 6 Apple, Debian, Haxx and 3 more | 21 Macos, Debian Linux, Curl and 18 more | 2024-08-03 | 3.7 Low |
| When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. | ||||
| CVE-2022-35239 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2024-08-03 | 8.8 High |
| The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file. | ||||
| CVE-2022-34885 | 1 Motorola | 2 Mr2600, Mr2600 Firmware | 2024-08-03 | 7.2 High |
| An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code. | ||||
| CVE-2022-34916 | 1 Apache | 1 Flume | 2024-08-03 | 9.8 Critical |
| Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | ||||
| CVE-2022-34866 | 1 Yrl | 2 Passage Drive, Passage Drive For Box | 2024-08-03 | 7.8 High |
| Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running. | ||||
| CVE-2022-34681 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2024-08-03 | 5.5 Medium |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of service. | ||||
| CVE-2022-34460 | 1 Dell | 52 G5 Se 5505, G5 Se 5505 Firmware, Inspiron 27 7775 and 49 more | 2024-08-03 | 7.5 High |
| Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2022-34443 | 1 Dell | 1 Rugged Control Center | 2024-08-03 | 7.8 High |
| Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges. | ||||
| CVE-2022-34393 | 1 Dell | 52 G5 Se 5505, G5 Se 5505 Firmware, Inspiron 27 7775 and 49 more | 2024-08-03 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2022-34436 | 1 Dell | 2 Idrac8, Idrac8 Firmware | 2024-08-03 | 2.7 Low |
| Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | ||||
| CVE-2022-34435 | 1 Dell | 2 Idrac9, Idrac9 Firmware | 2024-08-03 | 2.7 Low |
| Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | ||||
| CVE-2022-34350 | 1 Ibm | 1 Api Connect | 2024-08-03 | 5.3 Medium |
| IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264. | ||||