Total
452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21230 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21137 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-246541702 | |||||
CVE-2023-0572 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 5.3 MEDIUM |
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
CVE-2022-45854 | 1 Zyxel | 12 Nwa110ax, Nwa110ax Firmware, Nwa210ax and 9 more | 2024-11-21 | N/A | 4.3 MEDIUM |
An improper check for unusual conditions in Zyxel NWA110AX firmware versions prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker. | |||||
CVE-2022-45788 | 1 Schneider-electric | 108 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 105 more | 2024-11-21 | N/A | 7.5 HIGH |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions) | |||||
CVE-2022-43393 | 1 Zyxel | 90 Gs1350-12hp, Gs1350-12hp Firmware, Gs1350-18hp and 87 more | 2024-11-21 | N/A | 8.2 HIGH |
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device. | |||||
CVE-2022-3616 | 1 Cloudflare | 1 Octorpki | 2024-11-21 | N/A | 5.4 MEDIUM |
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability. | |||||
CVE-2022-3192 | 1 Abb | 30 Ac500 Cpu Firmware, Pm5630-2eth, Pm5650-2eth and 27 more | 2024-11-21 | N/A | 5.3 MEDIUM |
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation. This issue affects AC500 V2: from 2.0.0 before 2.8.6. | |||||
CVE-2022-39288 | 1 Fastify | 1 Fastify | 2024-11-21 | N/A | 7.5 HIGH |
fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers. | |||||
CVE-2022-38235 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | |||||
CVE-2022-38234 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc. | |||||
CVE-2022-38233 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc. | |||||
CVE-2022-38152 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | N/A | 7.5 HIGH |
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. | |||||
CVE-2022-36794 | 1 Intel | 1 Server Platform Services | 2024-11-21 | N/A | 6.0 MEDIUM |
Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2022-36145 | 1 Swfmill | 1 Swfmill | 2024-11-21 | N/A | 5.5 MEDIUM |
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord(). | |||||
CVE-2022-36141 | 1 Swfmill | 1 Swfmill | 2024-11-21 | N/A | 5.5 MEDIUM |
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*). | |||||
CVE-2022-36140 | 1 Swfmill | 1 Swfmill | 2024-11-21 | N/A | 5.5 MEDIUM |
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*). | |||||
CVE-2022-36046 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2024-11-21 | N/A | 5.3 MEDIUM |
Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests. | |||||
CVE-2022-35473 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | N/A | 6.5 MEDIUM |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. | |||||
CVE-2022-35469 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | N/A | 6.5 MEDIUM |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384. |