Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6230 | 1 Wp-ban Project | 1 Wp-ban | 2022-12-23 | 4.3 MEDIUM | N/A |
| WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. | |||||
| CVE-2022-42534 | 1 Google | 1 Android | 2022-12-21 | N/A | 7.8 HIGH |
| In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A | |||||
| CVE-2022-42544 | 1 Google | 1 Android | 2022-12-21 | N/A | 7.8 HIGH |
| In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390 | |||||
| CVE-2022-43484 | 1 Nttdata | 2 Terasoluna Global Framework, Terasoluna Server Framework For Java \(rich\) | 2022-12-21 | N/A | 7.8 HIGH |
| TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application. | |||||
| CVE-2022-20574 | 1 Google | 1 Android | 2022-12-21 | N/A | 5.5 MEDIUM |
| In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A | |||||
| CVE-2022-20569 | 1 Google | 1 Android | 2022-12-21 | N/A | 6.7 MEDIUM |
| In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229258234References: N/A | |||||
| CVE-2022-20592 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A | |||||
| CVE-2022-20590 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A | |||||
| CVE-2022-20589 | 1 Google | 1 Android | 2022-12-20 | N/A | 4.4 MEDIUM |
| In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A | |||||
| CVE-2022-20587 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A | |||||
| CVE-2022-20586 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A | |||||
| CVE-2022-20585 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A | |||||
| CVE-2022-20584 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A | |||||
| CVE-2022-20512 | 1 Google | 1 Android | 2022-12-20 | N/A | 7.8 HIGH |
| In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879 | |||||
| CVE-2021-28655 | 1 Apache | 1 Zeppelin | 2022-12-20 | N/A | 6.5 MEDIUM |
| The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | |||||
| CVE-2022-20543 | 1 Google | 1 Android | 2022-12-19 | N/A | 2.3 LOW |
| In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261 | |||||
| CVE-2022-20545 | 1 Google | 1 Android | 2022-12-19 | N/A | 7.5 HIGH |
| In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697 | |||||
| CVE-2022-46768 | 1 Zabbix | 2 Web Service Report Generation, Zabbix-agent2 | 2022-12-19 | N/A | 5.9 MEDIUM |
| Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files. | |||||
| CVE-2022-4504 | 1 Open-emr | 1 Openemr | 2022-12-16 | N/A | 7.5 HIGH |
| Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2. | |||||
| CVE-2022-46363 | 1 Apache | 1 Cxf | 2022-12-15 | N/A | 7.5 HIGH |
| A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. | |||||