Total
11827 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-27803 | 1 Cybozu | 1 Garoon | 2024-08-03 | 4.3 Medium |
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. | ||||
CVE-2022-27574 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. | ||||
CVE-2022-27655 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 6.5 Medium |
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
CVE-2022-27654 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 6.5 Medium |
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
CVE-2022-27573 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. | ||||
CVE-2022-27421 | 1 Chamilo | 1 Chamilo Lms | 2024-08-03 | 7.2 High |
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. | ||||
CVE-2022-27255 | 1 Realtek | 4 Ecos Msdk, Ecos Msdk Firmware, Ecos Rsdk and 1 more | 2024-08-03 | 9.8 Critical |
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data. | ||||
CVE-2022-27228 | 1 Bitrix24 | 1 Bitrix24 | 2024-08-03 | 9.8 Critical |
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. | ||||
CVE-2022-26889 | 1 Splunk | 1 Splunk | 2024-08-03 | 8.8 High |
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing). | ||||
CVE-2022-26837 | 1 Intel | 454 Core I3-11100he, Core I3-11100he Firmware, Core I3-1110g4 and 451 more | 2024-08-03 | 7.5 High |
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-26707 | 1 Apple | 1 Macos | 2024-08-03 | 5.5 Medium |
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information. | ||||
CVE-2022-26655 | 1 Pexip | 1 Pexip Infinity | 2024-08-03 | 7.5 High |
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams. | ||||
CVE-2022-26582 | 1 Paxtechnology | 2 A930, Paydroid | 2024-08-03 | 7.8 High |
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability. | ||||
CVE-2022-26531 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2024-08-03 | 6.1 Medium |
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. | ||||
CVE-2022-26336 | 3 Apache, Netapp, Redhat | 3 Poi, Active Iq Unified Manager, Jboss Fuse | 2024-08-03 | 5.5 Medium |
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. | ||||
CVE-2022-26107 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 6.5 Medium |
When a user opens a manipulated Jupiter Tessellation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
CVE-2022-26106 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 6.5 Medium |
When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
CVE-2022-26006 | 1 Intel | 260 Core I5-7640x, Core I5-7640x Firmware, Core I7-3820 and 257 more | 2024-08-03 | 8.2 High |
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-26108 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 6.5 Medium |
When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | ||||
CVE-2022-26109 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-08-03 | 6.5 Medium |
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. |