Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32235 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-35116 | 1 Qualcomm | 226 Apq8009, Apq8009 Firmware, Apq8009w and 223 more | 2022-06-24 | 6.6 MEDIUM | 7.1 HIGH |
| APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-20156 | 1 Google | 1 Android | 2022-06-24 | 7.2 HIGH | 7.8 HIGH |
| In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212803946References: N/A | |||||
| CVE-2022-20205 | 1 Google | 1 Android | 2022-06-23 | 2.1 LOW | 5.5 MEDIUM |
| In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215212561 | |||||
| CVE-2022-20186 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 7.8 HIGH |
| In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A | |||||
| CVE-2021-30338 | 1 Qualcomm | 4 Sd850, Sd850 Firmware, Sdxr1 and 1 more | 2022-06-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute | |||||
| CVE-2022-32240 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32242 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32241 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32243 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-31041 | 1 Maykinmedia | 1 Open Forms | 2022-06-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application. | |||||
| CVE-2022-20134 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 7.8 HIGH |
| In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397 | |||||
| CVE-2022-20129 | 1 Google | 1 Android | 2022-06-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 | |||||
| CVE-2018-1199 | 3 Oracle, Redhat, Vmware | 5 Rapid Planning, Retail Xstore Point Of Service, Fuse and 2 more | 2022-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. | |||||
| CVE-2022-32237 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32238 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32253 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. | |||||
| CVE-2021-35111 | 1 Qualcomm | 76 Ar8035, Ar8035 Firmware, Qca6390 and 73 more | 2022-06-22 | 7.1 HIGH | 5.9 MEDIUM |
| Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile | |||||
| CVE-2022-22475 | 1 Ibm | 2 Open Liberty, Websphere Application Server | 2022-06-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. | |||||
| CVE-2022-26531 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2022-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. | |||||