Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20166 | 1 Google | 1 Android | 2022-06-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel | |||||
| CVE-2022-20165 | 1 Google | 1 Android | 2022-06-23 | 4.9 MEDIUM | 4.4 MEDIUM |
| In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220868345References: N/A | |||||
| CVE-2022-20162 | 1 Google | 1 Android | 2022-06-23 | 4.9 MEDIUM | 4.4 MEDIUM |
| In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223492713References: N/A | |||||
| CVE-2022-20154 | 1 Google | 1 Android | 2022-06-23 | 4.4 MEDIUM | 6.4 MEDIUM |
| In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel | |||||
| CVE-2022-20153 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 6.7 MEDIUM |
| In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel | |||||
| CVE-2022-27220 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | |||||
| CVE-2021-42732 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-23 | 6.8 MEDIUM | 7.8 HIGH |
| Access of Memory Location After End of Buffer (CWE-788) | |||||
| CVE-2022-32151 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | |||||
| CVE-2022-1342 | 1 Devolutions | 1 Remote Desktop Manager | 2022-06-23 | 2.1 LOW | 4.6 MEDIUM |
| A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. | |||||
| CVE-2022-32152 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | |||||
| CVE-2022-32154 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-23 | 4.0 MEDIUM | 8.1 HIGH |
| Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will. | |||||
| CVE-2022-32153 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-23 | 6.8 MEDIUM | 8.1 HIGH |
| Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | |||||
| CVE-2022-32155 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services. | |||||
| CVE-2022-32157 | 1 Splunk | 1 Splunk | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation. | |||||
| CVE-2021-40727 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-23 | 9.3 HIGH | 7.8 HIGH |
| Access of Memory Location After End of Buffer (CWE-788 | |||||
| CVE-2022-29925 | 1 Fujielectric | 1 V-sft | 2022-06-23 | 6.8 MEDIUM | 7.8 HIGH |
| Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2021-30340 | 1 Qualcomm | 106 Ar8035, Ar8035 Firmware, Qca6390 and 103 more | 2022-06-23 | 7.8 HIGH | 7.5 HIGH |
| Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-20164 | 1 Google | 1 Android | 2022-06-23 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A | |||||
| CVE-2022-20160 | 1 Google | 1 Android | 2022-06-23 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A | |||||
| CVE-2021-30339 | 1 Qualcomm | 110 Ar8035, Ar8035 Firmware, Qca6391 and 107 more | 2022-06-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||