Total
436 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29017 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S. | |||||
CVE-2022-20726 | 1 Cisco | 3 Cgr1000 Compute Module, Ic3000 Industrial Compute Gateway, Ios | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-24863 | 1 Http-swagger Project | 1 Http-swagger | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down to improper handling of http methods. Users are advised to upgrade. Users unable to upgrade may to restrict the path prefix to the "GET" method as a workaround. | |||||
CVE-2022-20678 | 1 Cisco | 25 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1101 Integrated Services Router and 22 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload. | |||||
CVE-2022-27167 | 1 Eset | 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0. | |||||
CVE-2022-30725 | 1 Google | 1 Android | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
CVE-2022-31799 | 3 Bottlepy, Debian, Fedoraproject | 3 Bottle, Debian Linux, Fedora | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Bottle before 0.12.20 mishandles errors during early request binding. | |||||
CVE-2022-21155 | 4 Apple, Fernhillsoftware, Linux and 1 more | 4 Macos, Scada Server, Linux Kernel and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. | |||||
CVE-2022-21218 | 1 Intel | 1 Trace Analyzer And Collector | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-21820 | 2 Linux, Nvidia | 2 Linux Kernel, Data Center Gpu Manager | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity. | |||||
CVE-2022-20088 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6731 and 43 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201. | |||||
CVE-2022-20748 | 1 Cisco | 1 Firepower Threat Defense | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition. Notes: Manual intervention may be required to recover from this situation. Malware cloud lookup and dynamic analysis will not be impacted. | |||||
CVE-2021-37851 | 1 Eset | 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0. | |||||
CVE-2022-20076 | 2 Google, Mediatek | 63 Android, Mt6580, Mt6731 and 60 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556. | |||||
CVE-2022-27841 | 1 Samsung | 1 Samsung Pass | 2023-12-10 | 1.9 LOW | 4.3 MEDIUM |
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication | |||||
CVE-2022-20111 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6735 and 50 more | 2023-12-10 | 4.6 MEDIUM | 8.4 HIGH |
In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069. | |||||
CVE-2022-30727 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | |||||
CVE-2022-23161 | 1 Dell | 1 Emc Powerscale Onefs | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service. | |||||
CVE-2022-27872 | 1 Autodesk | 1 Navisworks | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code. | |||||
CVE-2022-20057 | 2 Google, Mediatek | 23 Android, Mt6739, Mt6758 and 20 more | 2023-12-10 | 4.4 MEDIUM | 6.5 MEDIUM |
In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186. |