Total
12859 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20009 | 1 Cisco | 2 Email Security Appliance, Secure Email And Web Manager | 2024-11-21 | 6.5 Medium |
| A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]]. The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that when uploaded could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device. | ||||
| CVE-2023-1289 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-11-21 | 5.5 Medium |
| A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. | ||||
| CVE-2023-0869 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 5.8 Medium |
| Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
| CVE-2023-0868 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 6.7 Medium |
| Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
| CVE-2023-0867 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 6.7 Medium |
| Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
| CVE-2023-0359 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 5.9 Medium |
| A missing nullptr-check in handle_ra_input can cause a nullptr-deref. | ||||
| CVE-2023-0139 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | 6.5 Medium |
| Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2022-4574 | 1 Lenovo | 108 Thinkpad L14, Thinkpad L14 Firmware, Thinkpad L14 Gen 2 and 105 more | 2024-11-21 | 6.7 Medium |
| An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2022-4573 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2024-11-21 | 6.7 Medium |
| An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2022-4186 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-48605 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. | ||||
| CVE-2022-48459 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2022-48458 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2022-48457 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2022-48321 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.8 Medium |
| Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | ||||
| CVE-2022-48189 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2024-11-21 | 6.7 Medium |
| An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2022-47937 | 1 Apache | 1 Sling Commons Json | 2024-11-21 | 9.8 Critical |
| Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries. | ||||
| CVE-2022-47925 | 1 Csaf-validator-lib Project | 1 Csaf-validator-lib | 2024-11-21 | 7.5 High |
| The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability. | ||||
| CVE-2022-47909 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.8 Medium |
| Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | ||||
| CVE-2022-47353 | 2 Google, Unisoc | 7 Android, S8000, T610 and 4 more | 2024-11-21 | 4.4 Medium |
| In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed | ||||