Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9829 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2023-01-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service. | |||||
| CVE-2020-9977 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2023-01-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari. | |||||
| CVE-2020-9914 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2023-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets. | |||||
| CVE-2020-9906 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2023-01-09 | 9.4 HIGH | 9.1 CRITICAL |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2020-9870 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2023-01-09 | 6.5 MEDIUM | 8.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code. | |||||
| CVE-2020-9826 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2023-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service. | |||||
| CVE-2020-9793 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-01-09 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2022-34681 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2023-01-06 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of service. | |||||
| CVE-2020-36564 | 1 Nosurf Project | 1 Nosurf | 2023-01-06 | N/A | 7.5 HIGH |
| Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid. | |||||
| CVE-2022-39012 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2023-01-05 | N/A | 7.5 HIGH |
| Huawei Aslan Children's Watch has an improper input validation vulnerability. Successful exploitation may cause the watch's application service abnormal. | |||||
| CVE-2022-22184 | 1 Juniper | 2 Junos, Junos Os Evolved | 2022-12-30 | N/A | 7.5 HIGH |
| An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO. | |||||
| CVE-2022-46328 | 1 Huawei | 2 Emui, Harmonyos | 2022-12-24 | N/A | 7.5 HIGH |
| Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2014-6230 | 1 Wp-ban Project | 1 Wp-ban | 2022-12-23 | 4.3 MEDIUM | N/A |
| WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. | |||||
| CVE-2022-42534 | 1 Google | 1 Android | 2022-12-21 | N/A | 7.8 HIGH |
| In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A | |||||
| CVE-2022-43484 | 1 Nttdata | 2 Terasoluna Global Framework, Terasoluna Server Framework For Java \(rich\) | 2022-12-21 | N/A | 7.8 HIGH |
| TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application. | |||||
| CVE-2021-3943 | 1 Moodle | 1 Moodle | 2022-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | |||||
| CVE-2022-20592 | 1 Google | 1 Android | 2022-12-21 | N/A | 5.5 MEDIUM |
| In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A | |||||
| CVE-2022-20590 | 1 Google | 1 Android | 2022-12-21 | N/A | 5.5 MEDIUM |
| In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A | |||||
| CVE-2022-20589 | 1 Google | 1 Android | 2022-12-21 | N/A | 4.4 MEDIUM |
| In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A | |||||
| CVE-2022-20587 | 1 Google | 1 Android | 2022-12-21 | N/A | 7.8 HIGH |
| In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A | |||||