Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45289 | 1 Gpac | 1 Gpac | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL. | |||||
| CVE-2021-36762 | 1 Hcc-embedded | 1 Nichestack | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet buffer (if no '\0' byte exists within a reasonable range). | |||||
| CVE-2022-27411 | 1 Totolink | 2 N600r, N600r Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. | |||||
| CVE-2022-25214 | 1 Phicomm | 10 K2, K2 Firmware, K2g and 7 more | 2023-08-08 | 5.8 MEDIUM | 7.4 HIGH |
| Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN. | |||||
| CVE-2022-28096 | 1 Skycaiji | 1 Skycaiji | 2023-08-08 | 6.5 MEDIUM | 7.2 HIGH |
| Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. | |||||
| CVE-2022-21163 | 1 Intel | 1 Crypto Api Toolkit For Intel Sgx | 2023-08-08 | N/A | 7.8 HIGH |
| Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-29639 | 1 Totolink | 2 A3100r, A3100r Firmware | 2023-08-08 | 9.3 HIGH | 8.1 HIGH |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. | |||||
| CVE-2022-26198 | 1 Notable | 1 Notable | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. | |||||
| CVE-2022-29518 | 1 Koyoele | 18 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 15 more | 2023-08-08 | 5.9 MEDIUM | 7.0 HIGH |
| Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and control tool(Remote GC) allows a local attacker to bypass authentication due to the improper check for the Remote control setting's account names. This may allow attacker who can access the HMI from Real time remote monitoring and control tool may perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted or altered, and/or the equipment may be illegally operated via the HMI. | |||||
| CVE-2022-25987 | 1 Intel | 2 C\+\+ Compiler Classic, Oneapi Toolkits | 2023-08-08 | N/A | 9.8 CRITICAL |
| Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-35538 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2023-08-08 | N/A | 9.8 CRITICAL |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml. | |||||
| CVE-2022-37843 | 1 Totolink | 2 A860r, A860r Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. | |||||
| CVE-2022-27808 | 2 Intel, Microsoft | 2 Administrative Tools For Intel Network Adapters, Windows | 2023-08-08 | N/A | 7.8 HIGH |
| Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-20612 | 1 Mitsubishielectric | 6 Fx3u-enet, Fx3u-enet-l, Fx3u-enet-l Firmware and 3 more | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery. | |||||
| CVE-2022-30707 | 1 Yokogawa | 11 B\/m9000 Vp, B\/m9000cs, Centum Cs 3000 and 8 more | 2023-08-08 | 5.4 MEDIUM | 8.8 HIGH |
| Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. | |||||
| CVE-2021-30349 | 1 Qualcomm | 282 Aqt1000, Aqt1000 Firmware, Ar8031 and 279 more | 2023-08-08 | 7.2 HIGH | 6.7 MEDIUM |
| Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-36267 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device. | |||||
| CVE-2022-36797 | 1 Vmware | 1 Ixgben | 2023-08-08 | N/A | 5.5 MEDIUM |
| Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-23443 | 1 Fortinet | 1 Fortisoar | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. | |||||
| CVE-2022-25213 | 1 Phicomm | 10 K2, K2 Firmware, K2g and 7 more | 2023-08-08 | 7.2 HIGH | 6.8 MEDIUM |
| Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell. | |||||