Total: 10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34570 | 1 Phoenixcontact | 12 Axc F 1152, Axc F 1152 Firmware, Axc F 2152 and 9 more | 2022-07-28 | 7.8 HIGH | 7.5 HIGH |
| Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through specially crafted JSON requests. | |||||
| CVE-2022-34758 | 1 Schneider-electric | 2 Easergy P5, Easergy P5 Firmware | 2022-07-27 | N/A | 4.9 MEDIUM |
| A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior) | |||||
| CVE-2018-1273 | 2 Apache, Pivotal Software | 3 Ignite, Spring Data Commons, Spring Data Rest | 2022-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack. | |||||
| CVE-2021-42117 | 1 Businessdnasolutions | 1 Topease | 2022-07-25 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution. | |||||
| CVE-2022-32248 | 1 Sap | 1 S/4hana | 2022-07-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. | |||||
| CVE-2022-2385 | 1 Kubernetes | 1 Aws-iam-authenticator | 2022-07-19 | 6.0 MEDIUM | 8.8 HIGH |
| A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. | |||||
| CVE-2022-35171 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-07-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below | |||||
| CVE-2022-26655 | 1 Pexip | 1 Pexip Infinity | 2022-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams. | |||||
| CVE-2022-30754 | 1 Google | 1 Android | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with privilege of AppLinker. | |||||
| CVE-2022-30756 | 1 Google | 1 Android | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with privilege of Finder. | |||||
| CVE-2022-33690 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows an attacker to access an arbitrary file. | |||||
| CVE-2022-33703 | 1 Google | 1 Android | 2022-07-16 | 4.6 MEDIUM | 7.8 HIGH |
| Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-33704 | 1 Google | 1 Android | 2022-07-16 | 4.6 MEDIUM | 7.8 HIGH |
| Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-33708 | 1 Samsung | 1 Galaxy Store | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | |||||
| CVE-2022-33709 | 1 Samsung | 1 Galaxy Store | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | |||||
| CVE-2022-33710 | 1 Samsung | 1 Galaxy Store | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | |||||
| CVE-2021-44221 | 1 Siemens | 1 Simatic Easie Core Package | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow a remote attacker to trigger a denial of service of the affected system. | |||||
| CVE-2022-31121 | 1 Hyperledger | 1 Fabric | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue. | |||||
| CVE-2021-25437 | 1 Linux | 1 Tizen | 2022-07-14 | 10.0 HIGH | 9.8 CRITICAL |
| Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to achieve arbitrary code execution by replacing the FOTA update file. | |||||
| CVE-2022-27803 | 1 Cybozu | 1 Garoon | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. | |||||
