Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38099 | 1 Intel | 16 Nuc11dbbi7, Nuc11dbbi7 Firmware, Nuc11dbbi9 and 13 more | 2023-08-08 | N/A | 7.8 HIGH |
| Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-21978 | 1 Vmware | 1 View Planner | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. | |||||
| CVE-2022-20037 | 2 Google, Mediatek | 57 Android, Mt6735, Mt6737 and 54 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705. | |||||
| CVE-2022-45725 | 1 Comfast | 2 Cf-wr610n, Cf-wr610n Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request | |||||
| CVE-2022-28692 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. | |||||
| CVE-2022-24521 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-35893 | 1 Insyde | 1 Insydeh2o | 2023-08-08 | N/A | 8.2 HIGH |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2021-45687 | 1 Raw-cpuid Project | 1 Raw-cpuid | 2023-08-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic. | |||||
| CVE-2022-36448 | 1 Insyde | 1 Insydeh2o | 2023-08-08 | N/A | 8.2 HIGH |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver. | |||||
| CVE-2022-20019 | 2 Google, Mediatek | 40 Android, Mt6595, Mt6735 and 37 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620. | |||||
| CVE-2021-21126 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | |||||
| CVE-2022-20020 | 2 Google, Mediatek | 28 Android, Mt6739, Mt6768 and 25 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906. | |||||
| CVE-2021-26351 | 1 Amd | 98 Ryzen 3 3100, Ryzen 3 3100 Firmware, Ryzen 3 3300g and 95 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. | |||||
| CVE-2022-20036 | 2 Google, Mediatek | 56 Android, Mt6735, Mt6737 and 53 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689. | |||||
| CVE-2022-27807 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. | |||||
| CVE-2022-29892 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). | |||||
| CVE-2021-0511 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 | |||||
| CVE-2022-40773 | 1 Zohocorp | 2 Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2023-08-08 | N/A | 8.8 HIGH |
| Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. | |||||
| CVE-2021-40017 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-08 | N/A | 9.8 CRITICAL |
| The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. | |||||
| CVE-2023-37550 | 1 Codesys | 16 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 13 more | 2023-08-07 | N/A | 6.5 MEDIUM |
| In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549. | |||||