Weekly Vulnerabilities Reports > October 10 to 16, 2022
Overview
637 new vulnerabilities reported during this period, including 83 critical vulnerabilities and 316 high severity vulnerabilities. This weekly summary report vulnerabilities in 936 products from 164 vendors including Microsoft, Google, SAP, Huawei, and Adobe. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Cross-site Scripting", "Missing Authorization", "Unrestricted Upload of File with Dangerous Type", and "SQL Injection".
- 381 reported vulnerabilities are remotely exploitables.
- 126 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 343 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 87 reported vulnerabilities.
- Democritus has the most reported critical vulnerabilities, with 17 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
83 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-10-11 | CVE-2022-37968 | Microsoft | Unspecified vulnerability in Microsoft Azure Arc-Enabled Kubernetes and Azure Stack Edge Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. | 10.0 |
2022-10-16 | CVE-2022-42968 | Gitea | Argument Injection or Modification vulnerability in Gitea Gitea before 1.17.3 does not sanitize and escape refs in the git backend. | 9.8 |
2022-10-15 | CVE-2017-20149 | Mikrotik | Out-of-bounds Write vulnerability in Mikrotik Routeros The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. | 9.8 |
2022-10-14 | CVE-2022-35690 | Adobe | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
2022-10-14 | CVE-2022-35710 | Adobe | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
2022-10-14 | CVE-2022-35711 | Adobe | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
2022-10-14 | CVE-2022-35712 | Adobe | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
2022-10-14 | CVE-2022-38418 | Adobe | Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
2022-10-14 | CVE-2022-38980 | Huawei | Out-of-bounds Write vulnerability in Huawei Harmonyos 2.0/2.1 The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. | 9.8 |
2022-10-14 | CVE-2022-38982 | Huawei | Unspecified vulnerability in Huawei Harmonyos 2.0 The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked. | 9.8 |
2022-10-14 | CVE-2022-38983 | Huawei | Use After Free vulnerability in Huawei Emui and Harmonyos The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. | 9.8 |
2022-10-14 | CVE-2022-41578 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. | 9.8 |
2022-10-14 | CVE-2022-41580 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 9.8 |
2022-10-14 | CVE-2022-42064 | Online Diagnostic LAB Management System Project | SQL Injection vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. | 9.8 |
2022-10-14 | CVE-2022-3504 | Sanitization Management System Project | SQL Injection vulnerability in Sanitization Management System Project Sanitization Management System A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. | 9.8 |
2022-10-14 | CVE-2022-3439 | Ikus Soft | Allocation of Resources Without Limits or Throttling vulnerability in Ikus-Soft Rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. | 9.8 |
2022-10-14 | CVE-2022-37602 | Grunt Karma Project | Unspecified vulnerability in Grunt-Karma Project Grunt-Karma 4.0.1 Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js. | 9.8 |
2022-10-13 | CVE-2022-39303 | Ree6 | SQL Injection vulnerability in Ree6 Ree6 is a moderation bot. | 9.8 |
2022-10-13 | CVE-2022-41390 | Ocomon Project | SQL Injection vulnerability in Ocomon Project Ocomon 4.0 OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. | 9.8 |
2022-10-13 | CVE-2022-41391 | Ocomon Project | SQL Injection vulnerability in Ocomon Project Ocomon 4.0 OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. | 9.8 |
2022-10-13 | CVE-2022-41495 | Clippercms | Server-Side Request Forgery (SSRF) vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. | 9.8 |
2022-10-13 | CVE-2022-41496 | Idreamsoft | Server-Side Request Forgery (SSRF) vulnerability in Idreamsoft Icms 7.0.16 iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | 9.8 |
2022-10-13 | CVE-2022-41497 | Clippercms | Server-Side Request Forgery (SSRF) vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. | 9.8 |
2022-10-13 | CVE-2022-3456 | Ikus Soft | Allocation of Resources Without Limits or Throttling vulnerability in Ikus-Soft Rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. | 9.8 |
2022-10-13 | CVE-2022-3457 | Ikus Soft | Origin Validation Error vulnerability in Ikus-Soft Rdiffweb Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. | 9.8 |
2022-10-13 | CVE-2022-39293 | Microsoft | Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. | 9.8 |
2022-10-13 | CVE-2022-24697 | Apache | OS Command Injection vulnerability in Apache Kylin Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. | 9.8 |
2022-10-13 | CVE-2022-42889 | Apache Netapp Juniper | Code Injection vulnerability in multiple products Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | 9.8 |
2022-10-13 | CVE-2022-42897 | Arraynetworks | Command Injection vulnerability in Arraynetworks Arrayos AG 9.4.0.469 Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. | 9.8 |
2022-10-12 | CVE-2022-39297 | Melistechnology | Deserialization of Untrusted Data vulnerability in Melistechnology Meliscms MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. | 9.8 |
2022-10-12 | CVE-2022-39298 | Melistechnology | Deserialization of Untrusted Data vulnerability in Melistechnology Meliscms MelisFront is the engine that displays website hosted on Melis Platform. | 9.8 |
2022-10-12 | CVE-2018-18446 | Dotpdn | Deserialization of Untrusted Data vulnerability in Dotpdn Paint.Net dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). | 9.8 |
2022-10-12 | CVE-2018-18447 | Dotpdn | Deserialization of Untrusted Data vulnerability in Dotpdn Paint.Net dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). | 9.8 |
2022-10-12 | CVE-2022-31228 | Dell | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell Xtremio Management Server 6.3.0/6.3.38 Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. | 9.8 |
2022-10-12 | CVE-2022-37601 | Webpack JS Debian | Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. | 9.8 |
2022-10-12 | CVE-2022-41403 | Newsletter Subscribe Popup Regular Module Project | SQL Injection vulnerability in Newsletter Subscribe (Popup + Regular Module) Project Newsletter Subscribe (Popup + Regular Module) 4.0 OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. | 9.8 |
2022-10-12 | CVE-2022-3467 | Jiusi | Improper Enforcement of Message or Data Structure vulnerability in Jiusi OA A vulnerability classified as critical was found in Jiusi OA. | 9.8 |
2022-10-12 | CVE-2022-33106 | Wijungle | Improper Restriction of Excessive Authentication Attempts vulnerability in Wijungle U250 Firmware WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. | 9.8 |
2022-10-12 | CVE-2022-37614 | Mockery Project | Unspecified vulnerability in Mockery Project Mockery 2.1.0 Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js. | 9.8 |
2022-10-12 | CVE-2022-40871 | Dolibarr | Code Injection vulnerability in Dolibarr Erp/Crm Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. | 9.8 |
2022-10-12 | CVE-2022-3465 | Mediabridgeproducts | Improper Authentication vulnerability in Mediabridgeproducts Mlwr-Ac1200R Firmware A vulnerability classified as critical was found in Mediabridge Medialink. | 9.8 |
2022-10-12 | CVE-2022-3458 | Oretnom23 | Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. | 9.8 |
2022-10-12 | CVE-2022-40664 | Apache | Improper Authentication vulnerability in Apache Shiro Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. | 9.8 |
2022-10-12 | CVE-2022-37611 | GH Pages Project | Unspecified vulnerability in Gh-Pages Project Gh-Pages 3.1.0 Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. | 9.8 |
2022-10-12 | CVE-2022-41408 | Online PET Shop WE APP Project | SQL Injection vulnerability in Online PET Shop WE APP Project Online PET Shop WE APP 1.0 Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | 9.8 |
2022-10-11 | CVE-2022-37617 | Browserify Shim Project | Unspecified vulnerability in Browserify-Shim Project Browserify-Shim 3.8.15 Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. | 9.8 |
2022-10-11 | CVE-2022-41380 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Yaml 0.1.0 The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-41381 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Utility 0.1.0 The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-41382 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Json 0.1.0 The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-41383 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Archives 0.1.0 The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-41384 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Domains 0.1.0 The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-41385 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Html 0.1.0 The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-41386 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Utility 0.1.0 The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-41387 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Pdfs 0.1.0 The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-42036 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Urls 0.1.0 The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-42037 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Asns 0.1.0 The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-42038 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Ip-Addresses 0.1.0 The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-42039 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Lists 0.1.0 The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-42040 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Algorithms 0.1.0 The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-42041 | Democritus | Unspecified vulnerability in Democritus D8S-File-System 0.1.0 The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-42042 | Democritus | Unspecified vulnerability in Democritus D8S-Networking 0.1.0 The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-42043 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Xml 0.1.0 The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-42044 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Asns 0.1.0 The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-10-11 | CVE-2022-35299 | SAP | Stack-based Buffer Overflow vulnerability in SAP IQ and SQL Anywhere SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | 9.8 |
2022-10-11 | CVE-2020-14129 | MI | Unspecified vulnerability in MI Xiaomi A logic vulnerability exists in a Xiaomi product. | 9.8 |
2022-10-11 | CVE-2020-14131 | MI | Unspecified vulnerability in MI Xiaomi The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. | 9.8 |
2022-10-11 | CVE-2022-37609 | JS Beautify Project | Unspecified vulnerability in Js-Beautify Project Js-Beautify 1.13.7 Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js. | 9.8 |
2022-10-11 | CVE-2022-36361 | Siemens | Classic Buffer Overflow vulnerability in Siemens Logo!8 BM Fs-05 Firmware and Logo! 8 BM Firmware A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). | 9.8 |
2022-10-11 | CVE-2022-37616 | Xmldom Project Debian | A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. | 9.8 |
2022-10-11 | CVE-2022-35289 | Integer Overflow or Wraparound vulnerability in Facebook Hermes A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. | 9.8 | |
2022-10-11 | CVE-2022-40138 | Incorrect Conversion between Numeric Types vulnerability in Facebook Hermes An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. | 9.8 | |
2022-10-11 | CVE-2022-32234 | Out-of-bounds Write vulnerability in Facebook Hermes An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. | 9.8 | |
2022-10-10 | CVE-2022-36063 | Microsoft | Improper Validation of Specified Quantity in Input vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. | 9.8 |
2022-10-12 | CVE-2022-42711 | Progress | Cross-site Scripting vulnerability in Progress Whatsup Gold In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. | 9.6 |
2022-10-14 | CVE-2022-41436 | Oxhoo | Improper Authentication vulnerability in Oxhoo Tp50 Firmware Oxh1.50 An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. | 9.1 |
2022-10-14 | CVE-2022-41477 | Webidsupport | Server-Side Request Forgery (SSRF) vulnerability in Webidsupport Webid A security issue was discovered in WeBid <=1.2.2. | 9.1 |
2022-10-14 | CVE-2021-46839 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 9.1 |
2022-10-14 | CVE-2021-46840 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 9.1 |
2022-10-14 | CVE-2022-38986 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. | 9.1 |
2022-10-14 | CVE-2022-41581 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 9.1 |
2022-10-10 | CVE-2022-41746 | Trendmicro | Forced Browsing vulnerability in Trendmicro Apex ONE 2019 A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. | 9.1 |
2022-10-14 | CVE-2022-32177 | GIN VUE Admin Project | Unrestricted Upload of File with Dangerous Type vulnerability in Gin-Vue-Admin Project Gin-Vue-Admin In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. | 9.0 |
2022-10-11 | CVE-2022-32174 | Gogs | Cross-site Scripting vulnerability in Gogs In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | 9.0 |
316 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-10-14 | CVE-2022-39311 | Thoughtworks | Deserialization of Untrusted Data vulnerability in Thoughtworks Gocd GoCD is a continuous delivery server. | 8.8 |
2022-10-14 | CVE-2021-27406 | Perfact | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Perfact Openvpn-Client An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. | 8.8 |
2022-10-14 | CVE-2022-42234 | Ucms Project | Files or Directories Accessible to External Parties vulnerability in Ucms Project Ucms 1.6 There is a file inclusion vulnerability in the template management module in UCMS 1.6 | 8.8 |
2022-10-14 | CVE-2022-42070 | Online Birth Certificate Management System Project | Cross-Site Request Forgery (CSRF) vulnerability in Online Birth Certificate Management System Project Online Birth Certificate Management System 1.0 Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 |
2022-10-14 | CVE-2022-42463 | Openharmony | Improper Authentication vulnerability in Openharmony 3.1/3.1.1/3.1.2 OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. | 8.8 |
2022-10-14 | CVE-2022-3496 | Oretnom23 | Unspecified vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. | 8.8 |
2022-10-14 | CVE-2022-41538 | Wedding Planner Project | Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Planner Project Wedding Planner 1.0 Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. | 8.8 |
2022-10-14 | CVE-2022-41539 | Wedding Planner Project | Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Planner Project Wedding Planner 1.0 Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. | 8.8 |
2022-10-14 | CVE-2022-36803 | Atlassian | Incorrect Default Permissions vulnerability in Atlassian Jira Align The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. | 8.8 |
2022-10-13 | CVE-2022-35135 | Boodskap | Improper Authentication vulnerability in Boodskap IOT Platform 4.4.902 Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. | 8.8 |
2022-10-13 | CVE-2022-42719 | Linux Fedoraproject Debian | Use After Free vulnerability in multiple products A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. | 8.8 |
2022-10-13 | CVE-2022-42156 | Dlink | Command Injection vulnerability in Dlink products D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. | 8.8 |
2022-10-13 | CVE-2022-42160 | Dlink | Command Injection vulnerability in Dlink products D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | 8.8 |
2022-10-13 | CVE-2022-42161 | Dlink | Command Injection vulnerability in Dlink products D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | 8.8 |
2022-10-13 | CVE-2022-3492 | Oretnom23 | OS Command Injection vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. | 8.8 |
2022-10-13 | CVE-2022-41475 | Rpcms | Cross-Site Request Forgery (CSRF) vulnerability in Rpcms 3.0.2 RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. | 8.8 |
2022-10-13 | CVE-2022-37208 | Jflyfox | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection. | 8.8 |
2022-10-13 | CVE-2022-42902 | Linaro Debian | In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. | 8.8 |
2022-10-13 | CVE-2022-34020 | Resiot | Cross-Site Request Forgery (CSRF) vulnerability in Resiot IOT Platform and Lorawan Network Server Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts. | 8.8 |
2022-10-12 | CVE-2022-40469 | Ikuai8 | Unspecified vulnerability in Ikuai8 Ikuaios iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. | 8.8 |
2022-10-12 | CVE-2022-28866 | Nokia | Missing Authorization vulnerability in Nokia Airframe BMC web GUI R18 Firmware Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. | 8.8 |
2022-10-11 | CVE-2022-40777 | Interspire | Unrestricted Upload of File with Dangerous Type vulnerability in Interspire Email Marketer Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. | 8.8 |
2022-10-11 | CVE-2022-41204 | SAP | Open Redirect vulnerability in SAP Commerce An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. | 8.8 |
2022-10-11 | CVE-2022-20429 | Unspecified vulnerability in Google Android In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. | 8.8 | |
2022-10-11 | CVE-2022-37975 | Microsoft | Unspecified vulnerability in Microsoft products Windows Group Policy Elevation of Privilege Vulnerability | 8.8 |
2022-10-11 | CVE-2022-37976 | Microsoft | Unspecified vulnerability in Microsoft products Active Directory Certificate Services Elevation of Privilege Vulnerability | 8.8 |
2022-10-11 | CVE-2022-37982 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2022-10-11 | CVE-2022-38016 | Microsoft | Unspecified vulnerability in Microsoft products Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 8.8 |
2022-10-11 | CVE-2022-38031 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2022-10-11 | CVE-2022-38034 | Microsoft | Unspecified vulnerability in Microsoft products Windows Workstation Service Elevation of Privilege Vulnerability | 8.8 |
2022-10-11 | CVE-2022-38040 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
2022-10-11 | CVE-2022-38045 | Microsoft | Unspecified vulnerability in Microsoft products Windows Server Service Elevation of Privilege Vulnerability | 8.8 |
2022-10-11 | CVE-2022-38053 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2022-10-11 | CVE-2022-41036 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2022-10-11 | CVE-2022-41037 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2022-10-11 | CVE-2022-41038 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2022-10-11 | CVE-2022-42034 | Wedding Planner Project | Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Planner Project Wedding Planner 1.0 Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | 8.8 |
2022-10-11 | CVE-2022-42229 | Wedding Planner Project | Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Planner Project Wedding Planner 1.0 Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. | 8.8 |
2022-10-11 | CVE-2022-42238 | Merchandise Online Store Project | Forced Browsing vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | 8.8 |
2022-10-11 | CVE-2022-32486 | Dell | Improper Input Validation vulnerability in Dell Bios Dell BIOS contains an improper input validation vulnerability. | 8.8 |
2022-10-11 | CVE-2022-32492 | Dell | Improper Input Validation vulnerability in Dell Bios Dell BIOS contains an improper input validation vulnerability. | 8.8 |
2022-10-11 | CVE-2022-34426 | Dell | Path Traversal vulnerability in Dell Container Storage Modules 1.3.0 Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. | 8.8 |
2022-10-11 | CVE-2022-34427 | Dell | OS Command Injection vulnerability in Dell Container Storage Modules 1.3.0 Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. | 8.8 |
2022-10-11 | CVE-2022-31765 | Siemens | Missing Authorization vulnerability in Siemens products Affected devices do not properly authorize the change password function of the web interface. | 8.8 |
2022-10-11 | CVE-2022-40182 | Siemens | Execution with Unnecessary Privileges vulnerability in Siemens products A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). | 8.8 |
2022-10-11 | CVE-2022-41665 | Siemens | Improper Neutralization of Parameter/Argument Delimiters vulnerability in Siemens products A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). | 8.8 |
2022-10-14 | CVE-2022-28759 | Zoom | Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR 4.6.239.20200613/4.6.365.20210703 Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. | 8.6 |
2022-10-11 | CVE-2022-31766 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (All versions < V7.1.2), SCALANCE M874-3 (All versions < V7.1.2), SCALANCE M876-3 (EVDO) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (All versions < V7.1.2), SCALANCE M876-4 (All versions < V7.1.2), SCALANCE M876-4 (EU) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (All versions < V7.1.2), SCALANCE S615 (All versions < V7.1.2), SCALANCE S615 EEC (All versions < V7.1.2), SCALANCE WAM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 (US) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 EEC (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 EEC (US) (All versions >= V1.1.0 < V2.0), SCALANCE WUM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WUM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WUM766-1 (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WUM766-1 (US) (All versions >= V1.1.0 < V2.0). | 8.6 |
2022-10-10 | CVE-2022-20837 | Cisco | Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XE A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 8.6 |
2022-10-10 | CVE-2022-20870 | Cisco | Unspecified vulnerability in Cisco IOS XE A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 8.6 |
2022-10-11 | CVE-2022-40181 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). | 8.3 |
2022-10-11 | CVE-2022-34432 | Dell | Unspecified vulnerability in Dell Hybrid Client Dell Hybrid Client below 1.8 version contains a gedit vulnerability. | 8.2 |
2022-10-14 | CVE-2022-39064 | Ikea | Unspecified vulnerability in Ikea Tradfri Led1732G11 Firmware An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. | 8.1 |
2022-10-14 | CVE-2022-2780 | Octopus | Authentication Bypass by Capture-replay vulnerability in Octopus Server In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. | 8.1 |
2022-10-14 | CVE-2022-41674 | Linux Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel before 5.19.16. | 8.1 |
2022-10-13 | CVE-2022-39300 | Node Saml Project | Improper Verification of Cryptographic Signature vulnerability in Node Saml Project Node Saml node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. | 8.1 |
2022-10-13 | CVE-2022-41489 | Wayos | Cross-Site Request Forgery (CSRF) vulnerability in Wayos products WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. | 8.1 |
2022-10-12 | CVE-2022-39299 | Passport Saml Project | Improper Verification of Cryptographic Signature vulnerability in Passport-Saml Project Passport-Saml Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. | 8.1 |
2022-10-12 | CVE-2022-0030 | Paloaltonetworks | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. | 8.1 |
2022-10-11 | CVE-2022-22035 | Microsoft | Race Condition vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-10-11 | CVE-2022-24504 | Microsoft | Race Condition vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-10-11 | CVE-2022-30198 | Microsoft | Race Condition vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-10-11 | CVE-2022-33634 | Microsoft | Race Condition vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-10-11 | CVE-2022-38000 | Microsoft | Race Condition vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-10-11 | CVE-2022-38047 | Microsoft | Race Condition vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-10-11 | CVE-2022-41081 | Microsoft | Unspecified vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-10-11 | CVE-2022-40179 | Siemens | Cross-Site Request Forgery (CSRF) vulnerability in Siemens products A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). | 8.1 |
2022-10-11 | CVE-2022-40226 | Siemens | Session Fixation vulnerability in Siemens products A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). | 8.1 |
2022-10-13 | CVE-2022-40187 | Foresightsports Bushnellgolf | Incorrect Default Permissions vulnerability in multiple products Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. | 8.0 |
2022-10-11 | CVE-2022-40176 | Siemens | OS Command Injection vulnerability in Siemens products A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). | 8.0 |
2022-10-10 | CVE-2021-44171 | Fortinet | OS Command Injection vulnerability in Fortinet Fortios A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands. | 8.0 |
2022-10-14 | CVE-2022-38440 | Adobe | Out-of-bounds Read vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2022-10-14 | CVE-2022-38441 | Adobe | Out-of-bounds Read vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2022-10-14 | CVE-2022-38442 | Adobe | Use After Free vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-10-14 | CVE-2022-38444 | Adobe | Use After Free vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-10-14 | CVE-2022-38445 | Adobe | Use After Free vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-10-14 | CVE-2022-38446 | Adobe | Use After Free vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-10-14 | CVE-2022-38447 | Adobe | Use After Free vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-10-14 | CVE-2022-38448 | Adobe | Use After Free vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-10-14 | CVE-2022-38450 | Adobe | Out-of-bounds Write vulnerability in Adobe products Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-10-14 | CVE-2022-42339 | Adobe | Out-of-bounds Write vulnerability in Adobe products Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-10-14 | CVE-2022-2985 | Missing Authorization vulnerability in Google Android 10.0/11.0 In music service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2022-38669 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In soundrecorder service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2022-38670 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In soundrecorder service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2022-38698 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2022-39080 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2022-39107 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In Soundrecorder service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2022-39108 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In Music service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2022-39109 | Missing Authorization vulnerability in Google Android 10.0/11.0 In Music service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2022-39110 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In Music service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2022-39111 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In Music service, there is a missing permission check. | 7.8 | |
2022-10-14 | CVE-2021-0699 | Out-of-bounds Write vulnerability in Google Android In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2022-10-14 | CVE-2022-20397 | Out-of-bounds Write vulnerability in Google Android In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2022-10-14 | CVE-2022-41302 | Autodesk | Out-of-bounds Read vulnerability in Autodesk FBX Software Development KIT 2020.0 An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. | 7.8 |
2022-10-14 | CVE-2022-41303 | Autodesk | Use After Free vulnerability in Autodesk FBX Software Development KIT 2020.0 A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. | 7.8 |
2022-10-14 | CVE-2022-41304 | Autodesk | Out-of-bounds Write vulnerability in Autodesk FBX Software Development KIT 2020.0 An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure. | 7.8 |
2022-10-14 | CVE-2022-41305 | Autodesk | Out-of-bounds Write vulnerability in Autodesk Subassembly Composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. | 7.8 |
2022-10-14 | CVE-2022-41306 | Autodesk | Out-of-bounds Write vulnerability in Autodesk Design Review 2018 A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. | 7.8 |
2022-10-14 | CVE-2022-41307 | Autodesk | Out-of-bounds Write vulnerability in Autodesk Subassembly Composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. | 7.8 |
2022-10-14 | CVE-2022-41308 | Autodesk | Out-of-bounds Write vulnerability in Autodesk Subassembly Composer A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. | 7.8 |
2022-10-14 | CVE-2022-41576 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. | 7.8 |
2022-10-14 | CVE-2022-41584 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. | 7.8 |
2022-10-14 | CVE-2022-41585 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. | 7.8 |
2022-10-14 | CVE-2022-42464 | Openharmony | Incorrect Default Permissions vulnerability in Openharmony OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. | 7.8 |
2022-10-14 | CVE-2022-42488 | Openharmony | Missing Authorization vulnerability in Openharmony 3.1/3.1.1/3.1.2 OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. | 7.8 |
2022-10-14 | CVE-2022-28762 | Zoom | Unspecified vulnerability in Zoom Meetings 5.11.3/5.11.5 Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. | 7.8 |
2022-10-14 | CVE-2022-42720 | Linux Fedoraproject Debian | Use After Free vulnerability in multiple products Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. | 7.8 |
2022-10-13 | CVE-2022-31123 | Grafana Netapp | Improper Verification of Cryptographic Signature vulnerability in multiple products Grafana is an open source observability and data visualization platform. | 7.8 |
2022-10-13 | CVE-2022-42899 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. | 7.8 |
2022-10-13 | CVE-2022-42900 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. | 7.8 |
2022-10-13 | CVE-2022-42901 | Bentley | Out-of-bounds Write vulnerability in Bentley Microstation and View Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. | 7.8 |
2022-10-13 | CVE-2022-42906 | Powerline Gitstatus Project Debian | Command Injection vulnerability in multiple products powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. | 7.8 |
2022-10-12 | CVE-2022-32485 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 7.8 |
2022-10-12 | CVE-2022-32487 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 7.8 |
2022-10-12 | CVE-2022-32488 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 7.8 |
2022-10-12 | CVE-2022-32489 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 7.8 |
2022-10-12 | CVE-2022-32491 | Dell | Classic Buffer Overflow vulnerability in Dell products Dell Client BIOS contains a Buffer Overflow vulnerability. | 7.8 |
2022-10-12 | CVE-2022-32493 | Dell | Out-of-bounds Write vulnerability in Dell products Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. | 7.8 |
2022-10-12 | CVE-2022-33919 | Dell | Unspecified vulnerability in Dell Geodrive Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. | 7.8 |
2022-10-12 | CVE-2022-33920 | Dell | Unquoted Search Path or Element vulnerability in Dell Geodrive Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. | 7.8 |
2022-10-12 | CVE-2022-33921 | Dell | Uncontrolled Search Path Element vulnerability in Dell Geodrive Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. | 7.8 |
2022-10-12 | CVE-2022-33922 | Dell | Incorrect Default Permissions vulnerability in Dell Geodrive Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. | 7.8 |
2022-10-12 | CVE-2022-34390 | Dell | Use of Uninitialized Resource vulnerability in Dell products Dell BIOS contains a use of uninitialized variable vulnerability. | 7.8 |
2022-10-12 | CVE-2022-34391 | Dell | Unspecified vulnerability in Dell products Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. | 7.8 |
2022-10-11 | CVE-2022-42717 | Hashicorp | Unspecified vulnerability in Hashicorp Vagrant An issue was discovered in Hashicorp Packer before 2.3.1. | 7.8 |
2022-10-11 | CVE-2022-39803 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-39804 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-39805 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-39806 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-39808 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41167 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41168 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41170 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41172 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41175 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41177 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41179 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41180 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41184 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41185 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41186 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41187 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41188 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 7.8 |
2022-10-11 | CVE-2022-41189 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41190 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41191 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41192 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 7.8 |
2022-10-11 | CVE-2022-41193 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41194 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 7.8 |
2022-10-11 | CVE-2022-41195 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41196 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41197 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 7.8 |
2022-10-11 | CVE-2022-41198 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41199 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41200 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41201 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2022-41202 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-10-11 | CVE-2021-0951 | Integer Overflow or Wraparound vulnerability in Google Android In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. | 7.8 | |
2022-10-11 | CVE-2022-20415 | Unspecified vulnerability in Google Android In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. | 7.8 | |
2022-10-11 | CVE-2022-20416 | Out-of-bounds Write vulnerability in Google Android 12.0/12.1/13.0 In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. | 7.8 | |
2022-10-11 | CVE-2022-20417 | Out-of-bounds Write vulnerability in Google Android 12.0/12.1/13.0 In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. | 7.8 | |
2022-10-11 | CVE-2022-20419 | Unspecified vulnerability in Google Android 12.1/13.0 In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. | 7.8 | |
2022-10-11 | CVE-2022-20420 | Unspecified vulnerability in Google Android 13.0 In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. | 7.8 | |
2022-10-11 | CVE-2022-20421 | Google Debian | Use After Free vulnerability in multiple products In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. | 7.8 |
2022-10-11 | CVE-2022-20430 | Missing Authorization vulnerability in Google Android There is an missing authorization issue in the system service. | 7.8 | |
2022-10-11 | CVE-2022-20431 | Missing Authorization vulnerability in Google Android There is an missing authorization issue in the system service. | 7.8 | |
2022-10-11 | CVE-2022-20432 | Missing Authorization vulnerability in Google Android There is an missing authorization issue in the system service. | 7.8 | |
2022-10-11 | CVE-2022-20433 | Missing Authorization vulnerability in Google Android There is an missing authorization issue in the system service. | 7.8 | |
2022-10-11 | CVE-2022-20434 | Missing Authorization vulnerability in Google Android There is an missing authorization issue in the system service. | 7.8 | |
2022-10-11 | CVE-2022-20435 | Incorrect Default Permissions vulnerability in Google Android There is a Unauthorized service in the system service, may cause the system reboot. | 7.8 | |
2022-10-11 | CVE-2022-20436 | Incorrect Default Permissions vulnerability in Google Android There is an unauthorized service in the system service. | 7.8 | |
2022-10-11 | CVE-2022-33635 | Microsoft | Unspecified vulnerability in Microsoft products Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37970 | Microsoft | Unspecified vulnerability in Microsoft products Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37979 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37980 | Microsoft | Unspecified vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022 Windows DHCP Client Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37983 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37984 | Microsoft | Unspecified vulnerability in Microsoft products Windows WLAN Service Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37986 | Microsoft | Unspecified vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37987 | Microsoft | Unspecified vulnerability in Microsoft products Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37988 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37989 | Microsoft | Unspecified vulnerability in Microsoft products Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37990 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37991 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37993 | Microsoft | Unspecified vulnerability in Microsoft products Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37994 | Microsoft | Unspecified vulnerability in Microsoft products Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37995 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37997 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37999 | Microsoft | Unspecified vulnerability in Microsoft products Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-38003 | Microsoft | Unspecified vulnerability in Microsoft products Windows Resilient File System Elevation of Privilege | 7.8 |
2022-10-11 | CVE-2022-38028 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-38037 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-38038 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-38039 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-38044 | Microsoft | Unspecified vulnerability in Microsoft products Windows CD-ROM File System Driver Remote Code Execution Vulnerability | 7.8 |
2022-10-11 | CVE-2022-38048 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Remote Code Execution Vulnerability | 7.8 |
2022-10-11 | CVE-2022-38049 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Graphics Remote Code Execution Vulnerability | 7.8 |
2022-10-11 | CVE-2022-38050 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-38051 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-41031 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Word Remote Code Execution Vulnerability | 7.8 |
2022-10-11 | CVE-2022-41032 | Microsoft Fedoraproject | NuGet Client Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-41033 | Microsoft | Type Confusion vulnerability in Microsoft products Windows COM+ Event System Service Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-41034 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability | 7.8 |
2022-10-11 | CVE-2022-41083 | Microsoft | Unspecified vulnerability in Microsoft Jupyter Visual Studio Code Elevation of Privilege Vulnerability | 7.8 |
2022-10-11 | CVE-2022-37864 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge Se2020 A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). | 7.8 |
2022-10-11 | CVE-2022-38465 | Siemens | Insufficiently Protected Credentials vulnerability in Siemens products A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. | 7.8 |
2022-10-11 | CVE-2022-41851 | Siemens | Access of Uninitialized Pointer vulnerability in Siemens JT Open Toolkit and Simcenter Femap A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-10-10 | CVE-2022-41747 | Trendmicro | Improper Certificate Validation vulnerability in Trendmicro Apex ONE 2019 An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. | 7.8 |
2022-10-10 | CVE-2022-41749 | Trendmicro | Origin Validation Error vulnerability in Trendmicro Apex ONE 2019 An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. | 7.8 |
2022-10-11 | CVE-2022-37973 | Microsoft | Unspecified vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022 Windows Local Session Manager (LSM) Denial of Service Vulnerability | 7.7 |
2022-10-11 | CVE-2022-37998 | Microsoft | Unspecified vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022 Windows Local Session Manager (LSM) Denial of Service Vulnerability | 7.7 |
2022-10-10 | CVE-2022-20920 | Cisco | Improper Handling of Exceptional Conditions vulnerability in Cisco IOS A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. | 7.7 |
2022-10-11 | CVE-2022-39013 | SAP | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Under certain conditions an authenticated attacker can get access to OS credentials. | 7.6 |
2022-10-16 | CVE-2022-3526 | Linux | Memory Leak vulnerability in Linux Kernel A vulnerability classified as problematic was found in Linux Kernel. | 7.5 |
2022-10-16 | CVE-2022-41323 | Djangoproject | Unspecified vulnerability in Djangoproject Django In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. | 7.5 |
2022-10-16 | CVE-2022-42969 | Pytest | Unspecified vulnerability in Pytest PY The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. | 7.5 |
2022-10-14 | CVE-2022-38419 | Adobe | XXE vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. | 7.5 |
2022-10-14 | CVE-2022-38420 | Adobe | Use of Hard-coded Credentials vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. | 7.5 |
2022-10-14 | CVE-2022-38422 | Adobe | Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. | 7.5 |
2022-10-14 | CVE-2022-41623 | Villatheme | Unspecified vulnerability in Villatheme Dropshipping and Fulfillment for Aliexpress and Woocommerce Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. | 7.5 |
2022-10-14 | CVE-2022-42340 | Adobe | Improper Input Validation vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. | 7.5 |
2022-10-14 | CVE-2022-42341 | Adobe | XXE vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. | 7.5 |
2022-10-14 | CVE-2022-2963 | Jasper Project Fedoraproject Redhat | Memory Leak vulnerability in multiple products A vulnerability found in jasper. | 7.5 |
2022-10-14 | CVE-2021-22685 | Cassianetworks | Path Traversal vulnerability in Cassianetworks Access Controller An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1. | 7.5 |
2022-10-14 | CVE-2022-3479 | Mozilla | Unspecified vulnerability in Mozilla Network Security Services 3.77 A vulnerability found in nss. | 7.5 |
2022-10-14 | CVE-2022-37603 | Webpack JS | Unspecified vulnerability in Webpack.Js Loader-Utils A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. | 7.5 |
2022-10-14 | CVE-2022-38977 | Huawei | Out-of-bounds Write vulnerability in Huawei Harmonyos 2.0/2.1 The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. | 7.5 |
2022-10-14 | CVE-2022-38981 | Huawei | Out-of-bounds Read vulnerability in Huawei Harmonyos 2.0/2.1 The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage. | 7.5 |
2022-10-14 | CVE-2022-38984 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | 7.5 |
2022-10-14 | CVE-2022-38985 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 |
2022-10-14 | CVE-2022-38998 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | 7.5 |
2022-10-14 | CVE-2022-39011 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. | 7.5 |
2022-10-14 | CVE-2022-41582 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability. | 7.5 |
2022-10-14 | CVE-2022-41583 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module. | 7.5 |
2022-10-14 | CVE-2022-41586 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 |
2022-10-14 | CVE-2022-41588 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. | 7.5 |
2022-10-14 | CVE-2022-41589 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability. | 7.5 |
2022-10-14 | CVE-2022-41715 | Golang | Unspecified vulnerability in Golang GO Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. | 7.5 |
2022-10-14 | CVE-2022-2879 | Golang | Allocation of Resources Without Limits or Throttling vulnerability in Golang GO Reader.Read does not set a limit on the maximum size of file headers. | 7.5 |
2022-10-14 | CVE-2022-2880 | Golang | HTTP Request Smuggling vulnerability in Golang GO Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. | 7.5 |
2022-10-14 | CVE-2022-32149 | Golang | Missing Release of Resource after Effective Lifetime vulnerability in Golang Text An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. | 7.5 |
2022-10-13 | CVE-2022-31130 | Grafana | Insufficiently Protected Credentials vulnerability in Grafana Grafana is an open source observability and data visualization platform. | 7.5 |
2022-10-13 | CVE-2022-39201 | Grafana | Unspecified vulnerability in Grafana Grafana is an open source observability and data visualization platform. | 7.5 |
2022-10-13 | CVE-2022-39278 | Istio | Resource Exhaustion vulnerability in Istio Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. | 7.5 |
2022-10-13 | CVE-2022-41480 | Tenda | Classic Buffer Overflow vulnerability in Tenda Ac6V2.0 Firmware 15.03.06.51 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. | 7.5 |
2022-10-13 | CVE-2022-41481 | Tenda | Classic Buffer Overflow vulnerability in Tenda Ac6V2.0 Firmware 15.03.06.51 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. | 7.5 |
2022-10-13 | CVE-2022-41482 | Tenda | Classic Buffer Overflow vulnerability in Tenda Ac6V2.0 Firmware 15.03.06.51 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. | 7.5 |
2022-10-13 | CVE-2022-41483 | Tenda | Classic Buffer Overflow vulnerability in Tenda Ac6V2.0 Firmware 15.03.06.51 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. | 7.5 |
2022-10-13 | CVE-2022-41484 | Tenda | Classic Buffer Overflow vulnerability in Tenda Ap500V1 Firmware 180320(Beta) Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. | 7.5 |
2022-10-13 | CVE-2022-41485 | Tenda | Classic Buffer Overflow vulnerability in Tenda AC6 Firmware and Ac6V2.0 Firmware Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. | 7.5 |
2022-10-13 | CVE-2021-20030 | Sonicwall | Path Traversal vulnerability in Sonicwall Global Management System SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files. | 7.5 |
2022-10-12 | CVE-2022-39282 | Freerdp Fedoraproject | Use of Uninitialized Resource vulnerability in multiple products FreeRDP is a free remote desktop protocol library and clients. | 7.5 |
2022-10-12 | CVE-2022-39283 | Freerdp Fedoraproject | Use of Uninitialized Resource vulnerability in multiple products FreeRDP is a free remote desktop protocol library and clients. | 7.5 |
2022-10-12 | CVE-2022-3171 | Google Fedoraproject | A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. | 7.5 |
2022-10-12 | CVE-2021-36369 | Dropbear SSH Project Debian | Improper Authentication vulnerability in multiple products An issue was discovered in Dropbear through 2020.81. | 7.5 |
2022-10-12 | CVE-2022-42079 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23Multitd01 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. | 7.5 |
2022-10-12 | CVE-2022-42080 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23Multitd01 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. | 7.5 |
2022-10-12 | CVE-2022-42081 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23Multitd01 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter. | 7.5 |
2022-10-12 | CVE-2022-28887 | F Secure | Unspecified vulnerability in F-Secure products Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. | 7.5 |
2022-10-11 | CVE-2022-41404 | Ini4J Project Debian | An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | 7.5 |
2022-10-11 | CVE-2022-38138 | Trianglemicroworks | Access of Uninitialized Pointer vulnerability in Trianglemicroworks products The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. | 7.5 |
2022-10-11 | CVE-2022-39802 | SAP | Path Traversal vulnerability in SAP Manufacturing Execution 15.1/15.2/15.3 SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. | 7.5 |
2022-10-11 | CVE-2022-20410 | Integer Overflow or Wraparound vulnerability in Google Android In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. | 7.5 | |
2022-10-11 | CVE-2022-20418 | Out-of-bounds Read vulnerability in Google Android 12.0/12.1/13.0 In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.5 | |
2022-10-11 | CVE-2022-33645 | Microsoft | Unspecified vulnerability in Microsoft products Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
2022-10-11 | CVE-2022-34689 | Microsoft | Authentication Bypass by Spoofing vulnerability in Microsoft products Windows CryptoAPI Spoofing Vulnerability | 7.5 |
2022-10-11 | CVE-2022-37599 | Webpack JS | Unspecified vulnerability in Webpack.Js Loader-Utils A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. | 7.5 |
2022-10-11 | CVE-2022-37978 | Microsoft | Unspecified vulnerability in Microsoft products Windows Active Directory Certificate Services Security Feature Bypass | 7.5 |
2022-10-11 | CVE-2022-38036 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 and Windows Server 2022 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | 7.5 |
2022-10-11 | CVE-2022-38041 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Channel Denial of Service Vulnerability | 7.5 |
2022-10-11 | CVE-2022-38046 | Microsoft | Unspecified vulnerability in Microsoft products Web Account Manager Information Disclosure Vulnerability | 7.5 |
2022-10-11 | CVE-2021-36913 | Redirection FOR Contact Form7 | Injection vulnerability in Redirection-For-Contact-Form7 Redirection for Contact Form 7 Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. | 7.5 |
2022-10-11 | CVE-2022-39296 | Melistechnology | Path Traversal vulnerability in Melistechnology Melis-Asset-Manager MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. | 7.5 |
2022-10-11 | CVE-2022-34430 | Dell | XML Entity Expansion vulnerability in Dell Hybrid Client Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. | 7.5 |
2022-10-11 | CVE-2022-3358 | Openssl | NULL Pointer Dereference vulnerability in Openssl OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. | 7.5 |
2022-10-11 | CVE-2022-39271 | Traefik | Improper Handling of Exceptional Conditions vulnerability in Traefik Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. | 7.5 |
2022-10-11 | CVE-2022-42731 | Django Mfa2 Project | Authentication Bypass by Capture-replay vulnerability in Django-Mfa2 Project Django-Mfa2 mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. | 7.5 |
2022-10-11 | CVE-2022-36360 | Siemens | Improper Validation of Integrity Check Value vulnerability in Siemens Logo!8 BM Fs-05 Firmware and Logo! 8 BM Firmware A vulnerability has been identified in LOGO! 8 BM (incl. | 7.5 |
2022-10-11 | CVE-2022-36362 | Siemens | Unspecified vulnerability in Siemens Logo!8 BM Fs-05 Firmware and Logo! 8 BM Firmware A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). | 7.5 |
2022-10-11 | CVE-2022-38371 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). | 7.5 |
2022-10-11 | CVE-2022-40227 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. | 7.5 |
2022-10-10 | CVE-2022-34425 | Dell | Use of Hard-coded Credentials vulnerability in Dell Enterprise Sonic Distribution 4.0.0/4.0.1 Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. | 7.5 |
2022-10-10 | CVE-2022-39288 | Fastify | Improper Check for Unusual or Exceptional Conditions vulnerability in Fastify fastify is a fast and low overhead web framework, for Node.js. | 7.5 |
2022-10-10 | CVE-2022-39292 | Slack Morphism Project | Sensitive Information Uncleared During Hardware Debug Flows vulnerability in Slack Morphism Project Slack Morphism Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. | 7.5 |
2022-10-10 | CVE-2022-42725 | Linuxmint | Link Following vulnerability in Linuxmint Warpinator Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. | 7.5 |
2022-10-11 | CVE-2022-41042 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code Visual Studio Code Information Disclosure Vulnerability | 7.4 |
2022-10-11 | CVE-2022-40147 | Siemens | Improper Certificate Validation vulnerability in Siemens Industrial Edge Management A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). | 7.4 |
2022-10-10 | CVE-2022-20915 | Cisco | Interpretation Conflict vulnerability in Cisco IOS XE A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 7.4 |
2022-10-14 | CVE-2022-38421 | Adobe | Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. | 7.2 |
2022-10-14 | CVE-2022-38424 | Adobe | Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. | 7.2 |
2022-10-14 | CVE-2022-41416 | Online Tours Travels Management System Project | SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. | 7.2 |
2022-10-14 | CVE-2022-42232 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Simple Cold Storage Management System 1.0 Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. | 7.2 |
2022-10-14 | CVE-2022-3495 | Simple Online Public Access Catalog Project | SQL Injection vulnerability in Simple Online Public Access Catalog Project Simple Online Public Access Catalog 1.0 A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. | 7.2 |
2022-10-14 | CVE-2022-41535 | Open Source Sacco Management System Project | SQL Injection vulnerability in Open Source Sacco Management System Project Open Source Sacco Management System 1.0 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. | 7.2 |
2022-10-14 | CVE-2022-41536 | Open Source Sacco Management System Project | SQL Injection vulnerability in Open Source Sacco Management System Project Open Source Sacco Management System 1.0 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. | 7.2 |
2022-10-13 | CVE-2022-34022 | Resiot | SQL Injection vulnerability in Resiot IOT Platform and Lorawan Network Server SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. | 7.2 |
2022-10-13 | CVE-2022-35944 | Octobercms | Code Injection vulnerability in Octobercms October October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. | 7.2 |
2022-10-13 | CVE-2022-41533 | Online Diagnostic LAB Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. | 7.2 |
2022-10-13 | CVE-2022-41534 | Online Diagnostic LAB Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. | 7.2 |
2022-10-12 | CVE-2022-40921 | Dedecms | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.99 DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | 7.2 |
2022-10-12 | CVE-2022-41406 | Church Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Church Management System Project Church Management System 1.0 An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
2022-10-12 | CVE-2022-41407 | Online PET Shop WE APP Project | SQL Injection vulnerability in Online PET Shop WE APP Project Online PET Shop WE APP 1.0 Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | 7.2 |
2022-10-12 | CVE-2022-41530 | Open Source Sacco Management System Project | SQL Injection vulnerability in Open Source Sacco Management System Project Open Source Sacco Management System 1.0 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. | 7.2 |
2022-10-12 | CVE-2022-41532 | Open Source Sacco Management System Project | SQL Injection vulnerability in Open Source Sacco Management System Project Open Source Sacco Management System 1.0 Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. | 7.2 |
2022-10-11 | CVE-2022-42230 | Simple Cold Storage Management System Project | SQL Injection vulnerability in Simple Cold Storage Management System Project Simple Cold Storage Managment System 1.0 Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. | 7.2 |
2022-10-14 | CVE-2022-41577 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability. | 7.1 |
2022-10-12 | CVE-2022-33937 | Dell | Path Traversal vulnerability in Dell Geodrive Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. | 7.1 |
2022-10-11 | CVE-2022-37971 | Microsoft | Unspecified vulnerability in Microsoft Malware Protection Engine Microsoft Windows Defender Elevation of Privilege Vulnerability | 7.1 |
2022-10-11 | CVE-2022-38042 | Microsoft | Unspecified vulnerability in Microsoft products Active Directory Domain Services Elevation of Privilege Vulnerability | 7.1 |
2022-10-10 | CVE-2022-3154 | WOO Billingo Plus Project Integration FOR Billingo Gravity Forms Project Integration FOR Szamlazz HU Gravity Forms Project | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license | 7.1 |
2022-10-11 | CVE-2021-0696 | Use After Free vulnerability in Google Android In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. | 7.0 | |
2022-10-11 | CVE-2022-20422 | Google Debian | Improper Locking vulnerability in multiple products In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. | 7.0 |
2022-10-11 | CVE-2022-38021 | Microsoft | Race Condition vulnerability in Microsoft products Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.0 |
2022-10-11 | CVE-2022-38027 | Microsoft | Race Condition vulnerability in Microsoft products Windows Storage Elevation of Privilege Vulnerability | 7.0 |
2022-10-11 | CVE-2022-38029 | Microsoft | Race Condition vulnerability in Microsoft products Windows ALPC Elevation of Privilege Vulnerability | 7.0 |
2022-10-10 | CVE-2022-41744 | Trendmicro | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 2019 A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. | 7.0 |
2022-10-10 | CVE-2022-41745 | Trendmicro | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019 An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. | 7.0 |
224 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-10-11 | CVE-2022-38017 | Microsoft | Unspecified vulnerability in Microsoft Storsimple 8010 Firmware and Storsimple 8020 Firmware StorSimple 8000 Series Elevation of Privilege Vulnerability | 6.8 |
2022-10-10 | CVE-2022-20944 | Cisco | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. | 6.8 |
2022-10-12 | CVE-2022-2249 | Avaya | Improper Privilege Management vulnerability in Avaya Aura Communication Manager Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. | 6.7 |
2022-10-11 | CVE-2022-20409 | Use After Free vulnerability in Google Android In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. | 6.7 | |
2022-10-11 | CVE-2022-20412 | Out-of-bounds Read vulnerability in Google Android In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. | 6.7 | |
2022-10-11 | CVE-2022-34434 | Dell | Unspecified vulnerability in Dell Cloud Mobility for Dell EMC Storage 1.3.0 Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. | 6.7 |
2022-10-10 | CVE-2022-41748 | Trendmicro | Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019 A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. | 6.7 |
2022-10-11 | CVE-2022-38032 | Microsoft | Unspecified vulnerability in Microsoft products Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | 6.6 |
2022-10-14 | CVE-2022-39309 | Thoughtworks | Exposure of Resource to Wrong Sphere vulnerability in Thoughtworks Gocd GoCD is a continuous delivery server. | 6.5 |
2022-10-14 | CVE-2022-39310 | Thoughtworks | Unspecified vulnerability in Thoughtworks Gocd GoCD is a continuous delivery server. | 6.5 |
2022-10-14 | CVE-2022-2850 | Redhat Fedoraproject Port389 Debian | NULL Pointer Dereference vulnerability in multiple products A flaw was found In 389-ds-base. | 6.5 |
2022-10-14 | CVE-2022-39065 | Ikea | Unspecified vulnerability in Ikea Tradfri Gateway E1526 Firmware 1.17.44 A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. | 6.5 |
2022-10-14 | CVE-2022-28760 | Zoom | Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR 4.6.239.20200613/4.6.365.20210703 Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. | 6.5 |
2022-10-14 | CVE-2022-28761 | Zoom | Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR 4.6.239.20200613/4.6.365.20210703/4.8.20220815.130 Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. | 6.5 |
2022-10-14 | CVE-2022-35040 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567. | 6.5 |
2022-10-14 | CVE-2022-35041 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f. | 6.5 |
2022-10-14 | CVE-2022-35042 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11. | 6.5 |
2022-10-14 | CVE-2022-35043 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6. | 6.5 |
2022-10-14 | CVE-2022-35044 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087. | 6.5 |
2022-10-14 | CVE-2022-35045 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63. | 6.5 |
2022-10-14 | CVE-2022-35046 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466. | 6.5 |
2022-10-14 | CVE-2022-35047 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa. | 6.5 |
2022-10-14 | CVE-2022-35048 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c. | 6.5 |
2022-10-14 | CVE-2022-35049 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5. | 6.5 |
2022-10-14 | CVE-2022-35050 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de. | 6.5 |
2022-10-14 | CVE-2022-35051 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af. | 6.5 |
2022-10-14 | CVE-2022-35052 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1. | 6.5 |
2022-10-14 | CVE-2022-35053 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f. | 6.5 |
2022-10-14 | CVE-2022-35054 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2. | 6.5 |
2022-10-14 | CVE-2022-35055 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473. | 6.5 |
2022-10-14 | CVE-2022-35056 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478. | 6.5 |
2022-10-14 | CVE-2022-35058 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce. | 6.5 |
2022-10-14 | CVE-2022-35059 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414. | 6.5 |
2022-10-13 | CVE-2022-35136 | Boodskap | Missing Authentication for Critical Function vulnerability in Boodskap IOT Platform 4.4.902 Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. | 6.5 |
2022-10-13 | CVE-2022-41474 | Rpcms | Cross-Site Request Forgery (CSRF) vulnerability in Rpcms 3.0.2 RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. | 6.5 |
2022-10-13 | CVE-2022-2828 | Octopus | Authorization Bypass Through User-Controlled Key vulnerability in Octopus Server In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability | 6.5 |
2022-10-13 | CVE-2022-3470 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Human Resource Management System A vulnerability was found in SourceCodester Human Resource Management System. | 6.5 |
2022-10-13 | CVE-2022-3473 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Human Resource Management System A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. | 6.5 |
2022-10-12 | CVE-2022-42077 | Tenda | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac1206 Firmware 15.03.06.23Multitd01 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 6.5 |
2022-10-12 | CVE-2022-42078 | Tenda | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac1206 Firmware 15.03.06.23Multitd01 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | 6.5 |
2022-10-12 | CVE-2022-42086 | Tenda | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax1803 Firmware 1.0.0.12994Cnzgyd014 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. | 6.5 |
2022-10-12 | CVE-2022-42087 | Tenda | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax1803 Firmware 1.0.0.12994Cnzgyd014 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 6.5 |
2022-10-12 | CVE-2022-41606 | Hashicorp | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. | 6.5 |
2022-10-11 | CVE-2022-41550 | GNU | Integer Overflow or Wraparound vulnerability in GNU Osip 5.3.0 GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. | 6.5 |
2022-10-11 | CVE-2022-39015 | SAP | Exposure of Resource to Wrong Sphere vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. | 6.5 |
2022-10-11 | CVE-2022-35770 | Microsoft | Authentication Bypass by Spoofing vulnerability in Microsoft products Windows NTLM Spoofing Vulnerability | 6.5 |
2022-10-11 | CVE-2022-37974 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows 11 Windows Mixed Reality Developer Tools Information Disclosure Vulnerability | 6.5 |
2022-10-11 | CVE-2022-37977 | Microsoft | Unspecified vulnerability in Microsoft products Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | 6.5 |
2022-10-11 | CVE-2022-38001 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Spoofing Vulnerability | 6.5 |
2022-10-11 | CVE-2022-38033 | Microsoft | Unspecified vulnerability in Microsoft products Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability | 6.5 |
2022-10-11 | CVE-2022-34431 | Dell | Unspecified vulnerability in Dell Hybrid Client Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. | 6.5 |
2022-10-11 | CVE-2022-33746 | XEN Fedoraproject Debian | Improper Resource Shutdown or Release vulnerability in multiple products P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. | 6.5 |
2022-10-10 | CVE-2021-35226 | Solarwinds | Inadequate Encryption Strength vulnerability in Solarwinds Network Configuration Manager An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). | 6.5 |
2022-10-10 | CVE-2022-3433 | Haskell | Inadequate Encryption Strength vulnerability in Haskell Aeson The aeson library is not safe to use to consume untrusted JSON input. | 6.5 |
2022-10-10 | CVE-2022-34334 | IBM | Session Fixation vulnerability in IBM Sterling Partner Engagement Manager 2.0/6.1 IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2022-10-10 | CVE-2022-3208 | Simplefilelist | Cross-Site Request Forgery (CSRF) vulnerability in Simplefilelist Simple-File-List The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack. | 6.5 |
2022-10-10 | CVE-2022-42010 | Freedesktop Fedoraproject | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | 6.5 |
2022-10-10 | CVE-2022-42011 | Freedesktop Fedoraproject | Improper Validation of Array Index vulnerability in multiple products An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | 6.5 |
2022-10-10 | CVE-2022-42012 | Freedesktop Fedoraproject | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | 6.5 |
2022-10-11 | CVE-2022-3140 | Libreoffice Debian Fedoraproject | Argument Injection or Modification vulnerability in multiple products LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. | 6.3 |
2022-10-15 | CVE-2022-3519 | Sanitization Management System Project | Improper Enforcement of Message or Data Structure vulnerability in Sanitization Management System Project Sanitization Management System 1.0 A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. | 6.1 |
2022-10-14 | CVE-2022-42066 | Projectworlds | Cross-site Scripting vulnerability in Projectworlds Online Examination System 1.0 Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | 6.1 |
2022-10-14 | CVE-2022-42071 | Online Birth Certificate Management System Project | Cross-site Scripting vulnerability in Online Birth Certificate Management System Project Online Birth Certificate Management System 1.0 Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. | 6.1 |
2022-10-13 | CVE-2022-39295 | ENG | Cross-site Scripting vulnerability in ENG Knowage Knowage is an open source suite for modern business analytics alternative over big data systems. | 6.1 |
2022-10-13 | CVE-2022-41473 | Rpcms | Cross-site Scripting vulnerability in Rpcms 3.0.2 RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. | 6.1 |
2022-10-12 | CVE-2022-41348 | Zimbra | Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 9.0. | 6.1 |
2022-10-12 | CVE-2022-41349 | Zimbra | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. | 6.1 |
2022-10-12 | CVE-2022-41350 | Zimbra | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. | 6.1 |
2022-10-12 | CVE-2022-41351 | Zimbra | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10). | 6.1 |
2022-10-12 | CVE-2022-42715 | Vanderbilt | Cross-site Scripting vulnerability in Vanderbilt Redcap A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. | 6.1 |
2022-10-12 | CVE-2022-3464 | Puppycms | Cross-site Scripting vulnerability in Puppycms 5.1 A vulnerability classified as problematic has been found in puppyCMS up to 5.1. | 6.1 |
2022-10-12 | CVE-2022-40440 | Jgraph | Cross-site Scripting vulnerability in Jgraph Mxgraph 4.2.2 mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function. | 6.1 |
2022-10-11 | CVE-2022-35226 | SAP | Cross-site Scripting vulnerability in SAP Data Services 4.2/4.3 SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. | 6.1 |
2022-10-11 | CVE-2022-39800 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. | 6.1 |
2022-10-11 | CVE-2022-33978 | Fontmeister Project | Cross-site Scripting vulnerability in Fontmeister Project Fontmeister Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress. | 6.1 |
2022-10-11 | CVE-2022-41376 | Metroui | Cross-site Scripting vulnerability in Metroui Metro UI Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. | 6.1 |
2022-10-11 | CVE-2022-40631 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). | 6.1 |
2022-10-10 | CVE-2021-25044 | Premium Themes | Cross-site Scripting vulnerability in Premium-Themes Cryptocurrency Pricing List and Ticker The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue | 6.1 |
2022-10-10 | CVE-2022-3209 | Pencidesign | Cross-site Scripting vulnerability in Pencidesign Soledad The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2022-10-10 | CVE-2022-3442 | Crealogix | Cross-site Scripting vulnerability in Crealogix Ebics Server 7.0 A vulnerability was found in Crealogix EBICS 7.0. | 6.1 |
2022-10-10 | CVE-2022-3438 | Ikus Soft | Open Redirect vulnerability in Ikus-Soft Rdiffweb Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | 6.1 |
2022-10-14 | CVE-2022-39308 | Thoughtworks | Incorrect Comparison vulnerability in Thoughtworks Gocd GoCD is a continuous delivery server. | 5.9 |
2022-10-11 | CVE-2022-37965 | Microsoft | Unspecified vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 5.9 |
2022-10-10 | CVE-2022-2891 | Wpwhitesecurity | Information Exposure Through Discrepancy vulnerability in Wpwhitesecurity WP 2FA The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. | 5.9 |
2022-10-11 | CVE-2022-40177 | Siemens | Information Exposure vulnerability in Siemens products A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). | 5.7 |
2022-10-11 | CVE-2022-33748 | XEN Fedoraproject Debian | Improper Handling of Exceptional Conditions vulnerability in multiple products lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. | 5.6 |
2022-10-16 | CVE-2022-3524 | Linux Debian | Improper Resource Shutdown or Release vulnerability in multiple products A vulnerability was found in Linux Kernel. | 5.5 |
2022-10-14 | CVE-2022-35691 | Adobe | NULL Pointer Dereference vulnerability in Adobe products Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. | 5.5 |
2022-10-14 | CVE-2022-38437 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2022-10-14 | CVE-2022-38443 | Adobe | Out-of-bounds Read vulnerability in Adobe Dimension 3.4.3 Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2022-10-14 | CVE-2022-38449 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2022-10-14 | CVE-2022-42342 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2022-10-14 | CVE-2022-2984 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In jpg driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-38671 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In camera driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-38672 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In face detect driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-38673 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In face detect driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-38676 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In gpu driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-38677 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In cell service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-38679 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In music service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-38687 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-38688 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-38689 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-38690 | Improper Locking vulnerability in Google Android 10.0/11.0/12.0 In camera driver, there is a possible memory corruption due to improper locking. | 5.5 | |
2022-10-14 | CVE-2022-38697 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-39103 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In Gallery service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-39105 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-39112 | Missing Authorization vulnerability in Google Android 10.0/11.0 In Music service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-39113 | Missing Authorization vulnerability in Google Android 10.0/11.0 In Music service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-39114 | Missing Authorization vulnerability in Google Android 10.0/11.0 In Music service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-39115 | Missing Authorization vulnerability in Google Android 10.0/11.0 In Music service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-39117 | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 5.5 | |
2022-10-14 | CVE-2022-39120 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-39121 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-39122 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-39123 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-39124 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-39125 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-39126 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-39127 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-39128 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sensor driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 | |
2022-10-14 | CVE-2022-20464 | Unspecified vulnerability in Google Android In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. | 5.5 | |
2022-10-14 | CVE-2022-42721 | Linux Fedoraproject Debian | Infinite Loop vulnerability in multiple products A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. | 5.5 |
2022-10-14 | CVE-2022-42722 | Linux Fedoraproject Debian | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. | 5.5 |
2022-10-13 | CVE-2022-35080 | Swftools | Out-of-bounds Write vulnerability in Swftools 20211216 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. | 5.5 |
2022-10-13 | CVE-2022-35081 | Swftools | Out-of-bounds Write vulnerability in Swftools 20211216 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. | 5.5 |
2022-10-12 | CVE-2022-33918 | Dell | Cleartext Storage of Sensitive Information vulnerability in Dell Geodrive Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. | 5.5 |
2022-10-11 | CVE-2022-39807 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41166 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41169 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41171 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41173 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41174 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41176 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41178 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41181 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41182 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-41183 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Author 9.0 Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-10-11 | CVE-2022-20351 | SQL Injection vulnerability in Google Android In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. | 5.5 | |
2022-10-11 | CVE-2022-20413 | Unspecified vulnerability in Google Android In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. | 5.5 | |
2022-10-11 | CVE-2022-20425 | Resource Exhaustion vulnerability in Google Android In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. | 5.5 | |
2022-10-11 | CVE-2022-20437 | Unspecified vulnerability in Google Android In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242258929 | 5.5 | |
2022-10-11 | CVE-2022-20438 | Unspecified vulnerability in Google Android In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259920 | 5.5 | |
2022-10-11 | CVE-2022-20439 | Unspecified vulnerability in Google Android In Messaging, There has unauthorized provider, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242266172 | 5.5 | |
2022-10-11 | CVE-2022-20440 | Unspecified vulnerability in Google Android In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259918 | 5.5 | |
2022-10-11 | CVE-2022-37985 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
2022-10-11 | CVE-2022-37996 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
2022-10-11 | CVE-2022-38025 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 and Windows Server 2022 Windows Distributed File System (DFS) Information Disclosure Vulnerability | 5.5 |
2022-10-11 | CVE-2022-38026 | Microsoft | Unspecified vulnerability in Microsoft products Windows DHCP Client Information Disclosure Vulnerability | 5.5 |
2022-10-11 | CVE-2022-38043 | Microsoft | Unspecified vulnerability in Microsoft products Windows Security Support Provider Interface Information Disclosure Vulnerability | 5.5 |
2022-10-11 | CVE-2022-38388 | IBM | Unspecified vulnerability in IBM Navigator Mobile 3.4.1.1/3.4.1.2 IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. | 5.5 |
2022-10-14 | CVE-2022-35698 | Adobe | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. | 5.4 |
2022-10-14 | CVE-2022-42069 | Online Birth Certificate Management System Project | Cross-site Scripting vulnerability in Online Birth Certificate Management System Project Online Birth Certificate Management System 1.0 Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. | 5.4 |
2022-10-14 | CVE-2022-3505 | Sanitization Management System Project | Cross-site Scripting vulnerability in Sanitization Management System Project Sanitization Management System A vulnerability was found in SourceCodester Sanitization Management System. | 5.4 |
2022-10-14 | CVE-2022-3506 | Never5 | Cross-site Scripting vulnerability in Never5 Related Posts Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. | 5.4 |
2022-10-14 | CVE-2022-3502 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability was found in Human Resource Management System 1.0. | 5.4 |
2022-10-14 | CVE-2022-3503 | Purchase Order Management System Project | Improper Enforcement of Message or Data Structure vulnerability in Purchase Order Management System Project Purchase Order Management System 1.0 A vulnerability was found in SourceCodester Purchase Order Management System 1.0. | 5.4 |
2022-10-14 | CVE-2022-3497 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability was found in SourceCodester Human Resource Management System 1.0. | 5.4 |
2022-10-14 | CVE-2022-39302 | Ree6 | Incorrect Authorization vulnerability in Ree6 Ree6 is a moderation bot. | 5.4 |
2022-10-13 | CVE-2022-34021 | Resiot | Cross-site Scripting vulnerability in Resiot IOT Platform and Lorawan Network Server Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. | 5.4 |
2022-10-13 | CVE-2022-35134 | Boodskap | Cross-site Scripting vulnerability in Boodskap IOT Platform 4.4.902 Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. | 5.4 |
2022-10-13 | CVE-2022-35612 | Bevywise | Cross-site Scripting vulnerability in Bevywise Mqttroute 1.1/2.0 A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. | 5.4 |
2022-10-13 | CVE-2022-3493 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Human Resource Management System 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. | 5.4 |
2022-10-13 | CVE-2022-38902 | Liferay | Cross-site Scripting vulnerability in Liferay DXP and Liferay Portal A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic. | 5.4 |
2022-10-11 | CVE-2022-35297 | SAP | Cross-site Scripting vulnerability in SAP Enable NOW 10 The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. | 5.4 |
2022-10-11 | CVE-2022-41206 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. | 5.4 |
2022-10-11 | CVE-2022-40047 | Flatpress | Cross-site Scripting vulnerability in Flatpress 1.2.1 Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. | 5.4 |
2022-10-11 | CVE-2022-3452 | Book Store Management System Project | Improper Enforcement of Message or Data Structure vulnerability in Book Store Management System Project Book Store Management System 1.0 A vulnerability was found in SourceCodester Book Store Management System 1.0. | 5.4 |
2022-10-11 | CVE-2022-3453 | Book Store Management System Project | Improper Enforcement of Message or Data Structure vulnerability in Book Store Management System Project Book Store Management System 1.0 A vulnerability was found in SourceCodester Book Store Management System 1.0. | 5.4 |
2022-10-11 | CVE-2022-42235 | Student Clearance System Project | Cross-site Scripting vulnerability in Student Clearance System Project Student Clearance System 1.0 A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. | 5.4 |
2022-10-11 | CVE-2022-42236 | Merchandise Online Store Project | Cross-site Scripting vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. | 5.4 |
2022-10-11 | CVE-2022-32175 | Adguard | Cross-Site Request Forgery (CSRF) vulnerability in Adguard Adguardhome In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. | 5.4 |
2022-10-11 | CVE-2022-40178 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). | 5.4 |
2022-10-10 | CVE-2022-3137 | Taskbuilder | Cross-site Scripting vulnerability in Taskbuilder The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file | 5.4 |
2022-10-10 | CVE-2022-40248 | Cert | Cross-site Scripting vulnerability in Cert Vince An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. | 5.4 |
2022-10-10 | CVE-2022-40257 | Cert | Cross-site Scripting vulnerability in Cert Vince An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. | 5.4 |
2022-10-16 | CVE-2022-3523 | Linux | Use After Free vulnerability in Linux Kernel A vulnerability was found in Linux Kernel. | 5.3 |
2022-10-15 | CVE-2022-42961 | Wolfssl | Unspecified vulnerability in Wolfssl An issue was discovered in wolfSSL before 5.5.0. | 5.3 |
2022-10-14 | CVE-2022-35689 | Adobe | Unspecified vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |
2022-10-14 | CVE-2022-41587 | Huawei | Improper Check for Unusual or Exceptional Conditions vulnerability in Huawei Emui 11.0.1 Uncaptured exceptions in the home screen module. | 5.3 |
2022-10-12 | CVE-2022-41316 | Hashicorp | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. | 5.3 |
2022-10-12 | CVE-2022-2720 | Octopus | Unspecified vulnerability in Octopus Server In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. | 5.3 |
2022-10-11 | CVE-2021-36201 | Johnsoncontrols | Information Exposure Through Discrepancy vulnerability in Johnsoncontrols C-Cure 9000 Firmware 2.70/2.80/2.90 Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. | 5.3 |
2022-10-11 | CVE-2022-41035 | Microsoft | Race Condition vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability | 5.3 |
2022-10-11 | CVE-2022-33749 | XEN | Allocation of Resources Without Limits or Throttling vulnerability in XEN Xapi XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. | 5.3 |
2022-10-11 | CVE-2022-36363 | Siemens | Improper Input Validation vulnerability in Siemens Logo!8 BM Fs-05 Firmware and Logo! 8 BM Firmware A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). | 5.3 |
2022-10-11 | CVE-2022-40180 | Siemens | Cross-Site Request Forgery (CSRF) vulnerability in Siemens products A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). | 5.3 |
2022-10-10 | CVE-2022-20830 | Cisco | Missing Authentication for Critical Function vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. | 5.3 |
2022-10-10 | CVE-2022-2350 | Brainvire | Missing Authorization vulnerability in Brainvire Disable User Login 1.0.1 The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. | 5.3 |
2022-10-10 | CVE-2022-26121 | Fortinet | Exposure of Resource to Wrong Sphere vulnerability in Fortinet Fortianalyzer and Fortimanager An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. | 5.3 |
2022-10-11 | CVE-2022-41209 | SAP | Inadequate Encryption Strength vulnerability in SAP Customer Data Cloud 7.4 SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. | 5.2 |
2022-10-11 | CVE-2022-41210 | SAP | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in SAP Customer Data Cloud 7.4 SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. | 5.2 |
2022-10-11 | CVE-2022-20394 | Missing Authorization vulnerability in Google Android In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. | 5.0 | |
2022-10-14 | CVE-2022-38423 | Adobe | Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. | 4.9 |
2022-10-14 | CVE-2022-36802 | Atlassian | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Align The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. | 4.9 |
2022-10-13 | CVE-2022-3471 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Human Resource Management System A vulnerability was found in SourceCodester Human Resource Management System. | 4.9 |
2022-10-13 | CVE-2022-3472 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Human Resource Management System A vulnerability was found in SourceCodester Human Resource Management System. | 4.9 |
2022-10-11 | CVE-2022-31682 | Vmware | Unspecified vulnerability in VMWare Vrealize Operations VMware Aria Operations contains an arbitrary file read vulnerability. | 4.9 |
2022-10-11 | CVE-2022-35296 | SAP | Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430 Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. | 4.9 |
2022-10-10 | CVE-2022-2554 | Shortpixel | Path Traversal vulnerability in Shortpixel Enable Media Replace The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example | 4.9 |
2022-10-10 | CVE-2022-2981 | Wpchill | Files or Directories Accessible to External Parties vulnerability in Wpchill Download Monitor The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | 4.9 |
2022-10-10 | CVE-2022-34402 | Dell | Unspecified vulnerability in Dell Wyse Thinos Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. | 4.9 |
2022-10-15 | CVE-2022-3518 | Sanitization Management System Project | Improper Enforcement of Message or Data Structure vulnerability in Sanitization Management System Project Sanitization Management System 1.0 A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. | 4.8 |
2022-10-11 | CVE-2022-35829 | Microsoft | Unspecified vulnerability in Microsoft Azure Service Fabric Service Fabric Explorer Spoofing Vulnerability | 4.8 |
2022-10-11 | CVE-2021-36899 | Asset Cleanup | Cross-site Scripting vulnerability in Asset Cleanup: Page Speed Booster Project Asset Cleanup: Page Speed Booster Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress. | 4.8 |
2022-10-10 | CVE-2022-2448 | Resmush IT | Cross-site Scripting vulnerability in Resmush.It Image Optimizer The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-10-10 | CVE-2022-2629 | Wpdarko | Cross-site Scripting vulnerability in Wpdarko TOP BAR The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2022-10-10 | CVE-2022-2823 | Metaslider | Cross-site Scripting vulnerability in Metaslider Slider, Gallery, and Carousel The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2022-10-10 | CVE-2022-3136 | Wpsocialrocket | Cross-site Scripting vulnerability in Wpsocialrocket Social Rocket The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2022-10-10 | CVE-2022-3207 | Simplefilelist | Cross-site Scripting vulnerability in Simplefilelist Simple-File-List The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2022-10-10 | CVE-2022-3220 | Webgilde | Cross-site Scripting vulnerability in Webgilde Advanced Comment Form The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-10-11 | CVE-2022-20423 | Integer Overflow or Wraparound vulnerability in Google Android In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. | 4.6 | |
2022-10-10 | CVE-2022-20864 | Cisco | Unspecified vulnerability in Cisco IOS XE ROM Monitor A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. | 4.6 |
2022-10-14 | CVE-2022-41686 | Openharmony Openatom | Out-of-bounds Write vulnerability in multiple products OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. | 4.4 |
2022-10-12 | CVE-2022-32483 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 4.4 |
2022-10-12 | CVE-2022-32484 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 4.4 |
2022-10-14 | CVE-2022-42067 | Online Birth Certificate Management System Project | Authorization Bypass Through User-Controlled Key vulnerability in Online Birth Certificate Management System Project Online Birth Certificate Management System 1.0 Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability | 4.3 |
2022-10-13 | CVE-2022-35611 | Bevywise | Cross-Site Request Forgery (CSRF) vulnerability in Bevywise Mqttroute 3.3 A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. | 4.3 |
2022-10-13 | CVE-2022-39229 | Grafana | Improper Authentication vulnerability in Grafana Grafana is an open source data visualization platform for metrics, logs, and traces. | 4.3 |
2022-10-13 | CVE-2022-42159 | Dlink | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Dlink products D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. | 4.3 |
2022-10-11 | CVE-2021-36915 | Cozmoslabs | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. | 4.3 |
2022-10-11 | CVE-2022-38086 | Getshortcodes | Cross-Site Request Forgery (CSRF) vulnerability in Getshortcodes Shortcodes Ultimate Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. | 4.3 |
2022-10-11 | CVE-2022-37981 | Microsoft | Unspecified vulnerability in Microsoft products Windows Event Logging Service Denial of Service Vulnerability | 4.3 |
2022-10-11 | CVE-2022-38030 | Microsoft | Unspecified vulnerability in Microsoft products Windows USB Serial Driver Information Disclosure Vulnerability | 4.3 |
2022-10-10 | CVE-2022-42724 | Misp Project | Incorrect Authorization vulnerability in Misp-Project Malware Information Sharing Platform app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). | 4.3 |
14 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-10-11 | CVE-2022-33747 | XEN Fedoraproject Debian | Improper Resource Shutdown or Release vulnerability in multiple products Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. | 3.8 |
2022-10-14 | CVE-2022-41592 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-14 | CVE-2022-41593 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-14 | CVE-2022-41594 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-14 | CVE-2022-41595 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-14 | CVE-2022-41597 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-14 | CVE-2022-41598 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-14 | CVE-2022-41600 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-14 | CVE-2022-41601 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-14 | CVE-2022-41602 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-14 | CVE-2022-41603 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | 3.4 |
2022-10-11 | CVE-2022-38022 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 3.3 |
2022-10-11 | CVE-2022-41043 | Microsoft | Unspecified vulnerability in Microsoft Office and Office Long Term Servicing Channel Microsoft Office Information Disclosure Vulnerability | 3.3 |
2022-10-16 | CVE-2022-3521 | Linux Debian | Race Condition vulnerability in multiple products A vulnerability has been found in Linux Kernel and classified as problematic. | 2.5 |