Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25163 | 2 Mistubishi, Mitsubishi | 6 Melsec Qj71e71-100, Melsec Iq-r Rd81mes96n, Melsec Iq-r Rd81mes96n Firmware and 3 more | 2022-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets. | |||||
| CVE-2021-35531 | 1 Abb | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2022-06-16 | 7.2 HIGH | 6.7 MEDIUM |
| Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | |||||
| CVE-2022-31013 | 1 Chat Server Project | 1 Chat Server | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code is not using `await` to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0. | |||||
| CVE-2022-28224 | 1 Tigera | 2 Calico Enterprise, Calico Os | 2022-06-14 | 5.5 MEDIUM | 5.5 MEDIUM |
| Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod. | |||||
| CVE-2022-30233 | 1 Schneider-electric | 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | 2022-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||||
| CVE-2022-30232 | 1 Schneider-electric | 2 Powerlogic Ion Setup, Powerlogic Ion Setup Firmware | 2022-06-13 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||||
| CVE-2022-30721 | 1 Google | 1 Android | 2022-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2022-30719 | 1 Google | 1 Android | 2022-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2022-30720 | 1 Google | 1 Android | 2022-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2022-30712 | 1 Google | 1 Android | 2022-06-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30713 | 1 Google | 1 Android | 2022-06-10 | 9.4 HIGH | 9.1 CRITICAL |
| Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30710 | 1 Google | 1 Android | 2022-06-10 | 9.4 HIGH | 9.1 CRITICAL |
| Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30711 | 1 Google | 1 Android | 2022-06-10 | 9.4 HIGH | 9.1 CRITICAL |
| Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30709 | 1 Google | 1 Android | 2022-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2021-26634 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell. | |||||
| CVE-2022-29169 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup() ). This function handles input by regexing and attackers can abuse that by providing some ReDos payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory. | |||||
| CVE-2022-22676 | 1 Apple | 1 Macos | 2022-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission. | |||||
| CVE-2018-4036 | 1 Macpaw | 1 Cleanmymac X | 2022-06-07 | 2.1 LOW | 5.5 MEDIUM |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. | |||||
| CVE-2018-4034 | 1 Macpaw | 1 Cleanmymac X | 2022-06-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | |||||
| CVE-2018-4033 | 1 Macpaw | 1 Cleanmymac X | 2022-06-07 | 6.6 MEDIUM | 5.5 MEDIUM |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | |||||