Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-46754 |
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. Published: May 09, 2023; 4:15:12 PM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2022-23818 |
Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. Published: May 09, 2023; 3:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2021-46775 |
Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. Published: May 09, 2023; 3:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0:(not available) |
CVE-2021-46769 |
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. Published: May 09, 2023; 3:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2021-46762 |
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. Published: May 09, 2023; 3:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2023-28200 |
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory. Published: May 08, 2023; 4:15:19 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-27961 |
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. Published: May 08, 2023; 4:15:18 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-31039 |
Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218 Published: May 08, 2023; 5:15:09 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-31047 |
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. Published: May 06, 2023; 10:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-30434 |
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. Published: May 05, 2023; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-43919 |
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. Published: May 05, 2023; 11:15:09 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-21502 |
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. Published: May 04, 2023; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-21501 |
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. Published: May 04, 2023; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-21498 |
Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. Published: May 04, 2023; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-26125 |
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic. Published: May 04, 2023; 1:15:09 AM -0400 |
V4.0:(not available) V3.1: 7.3 HIGH V2.0:(not available) |
CVE-2023-26022 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. Published: April 28, 2023; 3:15:16 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-26021 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. Published: April 28, 2023; 3:15:16 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-27555 |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. Published: April 28, 2023; 2:15:26 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-25930 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. Published: April 28, 2023; 2:15:26 PM -0400 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0:(not available) |
CVE-2023-29255 |
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. Published: April 27, 2023; 9:15:09 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |