Total
11827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23814 | 1 Amd | 2 Milanpi-sp3, Milanpi-sp3 Firmware | 2024-08-03 | 5.3 Medium |
| Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. | ||||
| CVE-2022-23766 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2024-08-03 | 7.8 High |
| An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website. | ||||
| CVE-2022-23623 | 1 Frourio | 1 Frourio | 2024-08-03 | 8.1 High |
| Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | ||||
| CVE-2022-23626 | 1 Blog Project | 1 Blog | 2024-08-03 | 8.5 High |
| m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | ||||
| CVE-2022-23624 | 1 Frourio | 1 Frourio-express | 2024-08-03 | 8.1 High |
| Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | ||||
| CVE-2022-23549 | 1 Discourse | 1 Discourse | 2024-08-03 | 5.7 Medium |
| Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds. | ||||
| CVE-2022-23432 | 2 Google, Samsung | 2 Android, Exynos | 2024-08-03 | 6.4 Medium |
| An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | ||||
| CVE-2022-23427 | 1 Google | 1 Android | 2024-08-03 | 3.9 Low |
| PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. | ||||
| CVE-2022-23425 | 2 Google, Samsung | 2 Android, Exynos | 2024-08-03 | 8.6 High |
| Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | ||||
| CVE-2022-23403 | 1 Intel | 1 Data Center Manager | 2024-08-03 | 5.5 Medium |
| Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-23218 | 4 Debian, Gnu, Oracle and 1 more | 5 Debian Linux, Glibc, Communications Cloud Native Core Unified Data Repository and 2 more | 2024-08-03 | 9.8 Critical |
| The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | ||||
| CVE-2022-23219 | 4 Debian, Gnu, Oracle and 1 more | 9 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 6 more | 2024-08-03 | 9.8 Critical |
| The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | ||||
| CVE-2022-23019 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-08-03 | 7.5 High |
| On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-22968 | 4 Netapp, Oracle, Redhat and 1 more | 9 Active Iq Unified Manager, Cloud Secure Agent, Metrocluster Tiebreaker and 6 more | 2024-08-03 | 5.3 Medium |
| In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. | ||||
| CVE-2022-23014 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-08-03 | 6.5 Medium |
| On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-22820 | 1 Linecorp | 1 Line | 2024-08-03 | 5.5 Medium |
| Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4. | ||||
| CVE-2022-22726 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-08-03 | 6.5 Medium |
| A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) | ||||
| CVE-2022-22727 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-08-03 | 8.8 High |
| A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) | ||||
| CVE-2022-22658 | 1 Apple | 1 Iphone Os | 2024-08-03 | 6.5 Medium |
| An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. | ||||
| CVE-2022-22588 | 1 Apple | 2 Ipados, Iphone Os | 2024-08-03 | 5.5 Medium |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. | ||||