Total
232 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8744 | 2 Intel, Siemens | 9 Converged Security And Management Engine, Server Platform Services, Trusted Execution Engine and 6 more | 2022-10-19 | 4.6 MEDIUM | 7.8 HIGH |
Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-39284 | 1 Codeigniter | 1 Codeigniter | 2022-10-11 | N/A | 4.3 MEDIUM |
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA. | |||||
CVE-2022-2472 | 1 Ezviz | 2 Cs-c6n-a0-1c2wfr, Cs-c6n-a0-1c2wfr Firmware | 2022-09-19 | N/A | 5.5 MEDIUM |
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. | |||||
CVE-2022-36061 | 1 Elrond | 1 Elrond Go | 2022-09-09 | N/A | 9.8 CRITICAL |
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds. | |||||
CVE-2022-37128 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-09-07 | N/A | 9.8 CRITICAL |
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. | |||||
CVE-2020-10725 | 4 Dpdk, Fedoraproject, Opensuse and 1 more | 4 Data Plane Development Kit, Fedora, Leap and 1 more | 2022-09-02 | 4.0 MEDIUM | 7.7 HIGH |
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. | |||||
CVE-2014-0178 | 1 Samba | 1 Samba | 2022-09-01 | 3.5 LOW | N/A |
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. | |||||
CVE-2017-15897 | 1 Nodejs | 1 Node.js | 2022-09-01 | 4.3 MEDIUM | 3.1 LOW |
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. | |||||
CVE-2021-4218 | 1 Linux | 1 Linux Kernel | 2022-08-30 | N/A | 5.5 MEDIUM |
A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is specific to CentOS/RHEL. | |||||
CVE-2022-32579 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2022-08-24 | N/A | 7.2 HIGH |
Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
CVE-2022-27493 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2022-08-24 | N/A | 7.8 HIGH |
Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
CVE-2021-23223 | 1 Intel | 10 Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1675 Firmware, Killer Wi-fi 6e Ax1690 and 7 more | 2022-08-19 | N/A | 7.8 HIGH |
Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-24378 | 1 Intel | 1 Data Center Manager | 2022-08-19 | N/A | 5.5 MEDIUM |
Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-1999-0993 | 1 Microsoft | 1 Exchange Server | 2022-08-17 | 7.5 HIGH | N/A |
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. | |||||
CVE-2022-36364 | 1 Apache | 1 Apache Calcite Avatica | 2022-08-03 | N/A | 8.8 HIGH |
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor. | |||||
CVE-2021-1820 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. | |||||
CVE-2021-38647 | 1 Microsoft | 10 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics \(lad\) and 7 more | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
Open Management Infrastructure Remote Code Execution Vulnerability | |||||
CVE-2021-39636 | 1 Google | 1 Android | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-120612905References: Upstream kernel | |||||
CVE-2021-0423 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05385714. | |||||
CVE-2021-1661 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
Windows Installer Elevation of Privilege Vulnerability |