Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39196 | 1 Pcapture Project | 1 Pcapture | 2022-08-05 | 6.8 MEDIUM | 6.5 MEDIUM |
| pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround, you must upgrade to v3.12 or greater. | |||||
| CVE-2021-39187 | 1 Parseplatform | 1 Parse-server | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist. | |||||
| CVE-2021-39184 | 1 Electronjs | 1 Electron | 2022-08-05 | 5.0 MEDIUM | 8.6 HIGH |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it. | |||||
| CVE-2022-26438 | 1 Mediatek | 26 Mt7603, Mt7603 Firmware, Mt7610 and 23 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013. | |||||
| CVE-2022-35118 | 1 Pyrocms | 1 Pyrocms | 2022-08-04 | N/A | 6.1 MEDIUM |
| PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2022-2596 | 1 Node-fetch Project | 1 Node-fetch | 2022-08-04 | N/A | 5.9 MEDIUM |
| Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10. | |||||
| CVE-2022-2595 | 1 Kromit | 1 Titra | 2022-08-04 | N/A | 10.0 CRITICAL |
| Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. | |||||
| CVE-2022-26444 | 1 Mediatek | 26 Mt7603, Mt7603 Firmware, Mt7610 and 23 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075; Issue ID: GN20220420075. | |||||
| CVE-2022-26443 | 1 Mediatek | 26 Mt7603, Mt7603 Firmware, Mt7610 and 23 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068; Issue ID: GN20220420068. | |||||
| CVE-2022-26442 | 1 Mediatek | 26 Mt7603, Mt7603 Firmware, Mt7610 and 23 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051. | |||||
| CVE-2022-26439 | 1 Mediatek | 26 Mt7603, Mt7603 Firmware, Mt7610 and 23 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020. | |||||
| CVE-2022-26437 | 1 Mediatek | 3 Mt2621, Mt2625, Nbiot Sdk | 2022-08-04 | N/A | 9.8 CRITICAL |
| In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831. | |||||
| CVE-2022-26436 | 2 Google, Mediatek | 5 Android, Mt6855, Mt6879 and 2 more | 2022-08-04 | N/A | 4.4 MEDIUM |
| In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666. | |||||
| CVE-2022-26445 | 1 Mediatek | 26 Mt7603, Mt7603 Firmware, Mt7610 and 23 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088. | |||||
| CVE-2022-26441 | 1 Mediatek | 26 Mt7603, Mt7603 Firmware, Mt7610 and 23 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044; Issue ID: GN20220420044. | |||||
| CVE-2022-26440 | 1 Mediatek | 26 Mt7603, Mt7603 Firmware, Mt7610 and 23 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037. | |||||
| CVE-2022-26429 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6735 and 39 more | 2022-08-04 | N/A | 7.8 HIGH |
| In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID: ALPS07025415. | |||||
| CVE-2022-26428 | 2 Google, Mediatek | 12 Android, Mt6739, Mt6761 and 9 more | 2022-08-04 | N/A | 6.4 MEDIUM |
| In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260. | |||||
| CVE-2022-26427 | 2 Google, Mediatek | 6 Android, Mt6833, Mt6853 and 3 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540. | |||||
| CVE-2022-26426 | 2 Google, Mediatek | 22 Android, Mt6833, Mt6853 and 19 more | 2022-08-04 | N/A | 6.7 MEDIUM |
| In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486. | |||||