Weekly Vulnerabilities Reports > November 7 to 13, 2022
Overview
523 new vulnerabilities reported during this period, including 85 critical vulnerabilities and 229 high severity vulnerabilities. This weekly summary report vulnerabilities in 1727 products from 181 vendors including Microsoft, Intel, Google, Huawei, and Siemens. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Improper Input Validation", and "Unrestricted Upload of File with Dangerous Type".
- 332 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 127 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 291 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 63 reported vulnerabilities.
- Democritus has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
85 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-11-12 | CVE-2022-38650 | Vmware | Deserialization of Untrusted Data vulnerability in VMWare Hyperic Server 5.8.6 A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. | 10.0 |
2022-11-10 | CVE-2022-3703 | Etictelecom | Insufficient Verification of Data Authenticity vulnerability in Etictelecom Remote Access Server Firmware 4.5.0 All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device. | 10.0 |
2022-11-10 | CVE-2022-40981 | Etictelecom | Unrestricted Upload of File with Dangerous Type vulnerability in Etictelecom Remote Access Server Firmware 4.5.0 All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. | 10.0 |
2022-11-12 | CVE-2022-38652 | Vmware | Deserialization of Untrusted Data vulnerability in VMWare Hyperic Agent 5.8.6 A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. | 9.9 |
2022-11-10 | CVE-2022-39395 | GO Vela | Improper Privilege Management vulnerability in Go-Vela UI Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. | 9.9 |
2022-11-13 | CVE-2022-3972 | HMS PHP Project | Improper Enforcement of Message or Data Structure vulnerability in Hms-PHP Project Hms-PHP A vulnerability was found in Pingkon HMS-PHP. | 9.8 |
2022-11-13 | CVE-2022-3973 | HMS PHP Project | Improper Enforcement of Message or Data Structure vulnerability in Hms-PHP Project Hms-PHP A vulnerability classified as critical has been found in Pingkon HMS-PHP. | 9.8 |
2022-11-12 | CVE-2022-38651 | Vmware | Unspecified vulnerability in VMWare Hyperic Server 5.8.6 A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. | 9.8 |
2022-11-12 | CVE-2022-43671 | Zohocorp | SQL Injection vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. | 9.8 |
2022-11-12 | CVE-2022-43672 | Zohocorp | SQL Injection vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. | 9.8 |
2022-11-11 | CVE-2022-45182 | Pistar | Unspecified vulnerability in Pistar Pi-Star Digital Voice Dashboard Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. | 9.8 |
2022-11-11 | CVE-2022-34331 | IBM | Improper Authentication vulnerability in IBM Powervm Hypervisor Fw1010/Fw950 After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. | 9.8 |
2022-11-11 | CVE-2022-26845 | Intel | Improper Authentication vulnerability in Intel Active Management Technology Firmware Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2022-11-11 | CVE-2022-29486 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Hyperscan Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2022-11-11 | CVE-2022-3955 | Crm42 Project | SQL Injection vulnerability in Crm42 Project Crm42 A vulnerability was found in tholum crm42. | 9.8 |
2022-11-11 | CVE-2022-3956 | Hhims Project | SQL Injection vulnerability in Hhims Project Hhims 2.1 A vulnerability classified as critical has been found in tsruban HHIMS 2.1. | 9.8 |
2022-11-11 | CVE-2022-3947 | Eolink | SQL Injection vulnerability in Eolink Goku Lite A vulnerability classified as critical has been found in eolinker goku_lite. | 9.8 |
2022-11-11 | CVE-2022-3948 | Eolink | SQL Injection vulnerability in Eolink Goku Lite A vulnerability classified as critical was found in eolinker goku_lite. | 9.8 |
2022-11-11 | CVE-2022-3939 | Ferry Project | Path Traversal vulnerability in Ferry Project Ferry A vulnerability, which was classified as critical, has been found in lanyulei ferry. | 9.8 |
2022-11-11 | CVE-2022-3940 | Ferry Project | Path Traversal vulnerability in Ferry Project Ferry A vulnerability, which was classified as problematic, was found in lanyulei ferry. | 9.8 |
2022-11-11 | CVE-2022-41892 | Archesproject | SQL Injection vulnerability in Archesproject Arches Arches is a web platform for creating, managing, & visualizing geospatial data. | 9.8 |
2022-11-11 | CVE-2022-36938 | Improper Validation of Specified Quantity in Input vulnerability in Facebook Redex DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file. | 9.8 | |
2022-11-10 | CVE-2022-41878 | Parseplatform | Unspecified vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 9.8 |
2022-11-10 | CVE-2022-41879 | Parseplatform | Unspecified vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 9.8 |
2022-11-10 | CVE-2022-39394 | Bytecodealliance | Out-of-bounds Write vulnerability in Bytecodealliance Wasmtime Wasmtime is a standalone runtime for WebAssembly. | 9.8 |
2022-11-10 | CVE-2022-43074 | Ayacms Project | Unrestricted Upload of File with Dangerous Type vulnerability in Ayacms Project Ayacms 3.1.2 AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. | 9.8 |
2022-11-10 | CVE-2022-45063 | Invisible Island Fedoraproject | Command Injection vulnerability in multiple products xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. | 9.8 |
2022-11-10 | CVE-2022-38119 | Upspowercom | Improper Authentication vulnerability in Upspowercom Upsmon PRO 2.57 UPSMON Pro login function has insufficient authentication. | 9.8 |
2022-11-10 | CVE-2022-39036 | Flowring | Unrestricted Upload of File with Dangerous Type vulnerability in Flowring Agentflow 4.0.0.1183.552 The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. | 9.8 |
2022-11-10 | CVE-2022-44087 | Ecisp | Unspecified vulnerability in Ecisp Espcms P8.21120101 ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. | 9.8 |
2022-11-10 | CVE-2022-44088 | Ecisp | Unspecified vulnerability in Ecisp Espcms P8.21120101 ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. | 9.8 |
2022-11-10 | CVE-2022-44089 | Ecisp | Unspecified vulnerability in Ecisp Espcms P8.21120101 ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. | 9.8 |
2022-11-10 | CVE-2022-39396 | Parseplatform | Unspecified vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 9.8 |
2022-11-09 | CVE-2022-39892 | Samsung | Improper Authentication vulnerability in Samsung Pass Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature. | 9.8 |
2022-11-09 | CVE-2021-46851 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The DRM module has a vulnerability in verifying the secure memory attributes. | 9.8 |
2022-11-09 | CVE-2022-31685 | Vmware | Unspecified vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. | 9.8 |
2022-11-09 | CVE-2022-31686 | Vmware | Unspecified vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. | 9.8 |
2022-11-09 | CVE-2022-31687 | Vmware | Unspecified vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. | 9.8 |
2022-11-09 | CVE-2022-31689 | Vmware | Session Fixation vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. | 9.8 |
2022-11-09 | CVE-2022-43058 | Online Diagnostic LAB Management System Project | SQL Injection vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity. | 9.8 |
2022-11-09 | CVE-2022-44551 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The iaware module has a vulnerability in thread security. | 9.8 |
2022-11-09 | CVE-2022-44558 | Huawei | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The AMS module has a vulnerability of serialization/deserialization mismatch. | 9.8 |
2022-11-09 | CVE-2022-44559 | Huawei | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The AMS module has a vulnerability of serialization/deserialization mismatch. | 9.8 |
2022-11-09 | CVE-2022-44562 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The system framework layer has a vulnerability of serialization/deserialization mismatch. | 9.8 |
2022-11-09 | CVE-2022-25932 | Inhandnetworks | Unspecified vulnerability in Inhandnetworks Inrouter302 Firmware 3.5.37/3.5.4 The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. | 9.8 |
2022-11-09 | CVE-2021-34569 | Wago | Out-of-bounds Write vulnerability in Wago products In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. | 9.8 |
2022-11-09 | CVE-2022-40797 | Roxyfileman | Unrestricted Upload of File with Dangerous Type vulnerability in Roxyfileman Roxy Fileman 1.4.6 Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. | 9.8 |
2022-11-09 | CVE-2022-45062 | Xfce Debian Fedoraproject | Argument Injection or Modification vulnerability in multiple products In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. | 9.8 |
2022-11-08 | CVE-2022-27510 | Citrix | Improper Authentication vulnerability in Citrix Application Delivery Controller Firmware and Gateway Unauthorized access to Gateway user capabilities | 9.8 |
2022-11-08 | CVE-2022-27516 | Citrix | Improper Restriction of Excessive Authentication Attempts vulnerability in Citrix Application Delivery Controller Firmware and Gateway User login brute force protection functionality bypass | 9.8 |
2022-11-08 | CVE-2022-34822 | NEC | Path Traversal vulnerability in NEC products Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | 9.8 |
2022-11-08 | CVE-2022-34823 | NEC | Classic Buffer Overflow vulnerability in NEC products Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | 9.8 |
2022-11-08 | CVE-2022-34824 | NEC | Incorrect Default Permissions vulnerability in NEC products Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | 9.8 |
2022-11-08 | CVE-2022-34825 | NEC | Uncontrolled Search Path Element vulnerability in NEC products Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | 9.8 |
2022-11-08 | CVE-2022-37015 | Symantec | Unspecified vulnerability in Symantec Endpoint Detection and Response Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 9.8 |
2022-11-08 | CVE-2022-33321 | Mitsubishielectric | Cleartext Transmission of Sensitive Information vulnerability in Mitsubishielectric products Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section. | 9.8 |
2022-11-08 | CVE-2022-27858 | Activity LOG Project | Improper Neutralization of Formula Elements in a CSV File vulnerability in Activity LOG Project Activity LOG CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | 9.8 |
2022-11-08 | CVE-2022-44457 | Mendix | Authentication Bypass by Capture-replay vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). | 9.8 |
2022-11-08 | CVE-2022-39352 | Openfga | Incorrect Authorization vulnerability in Openfga OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. | 9.8 |
2022-11-08 | CVE-2022-31199 | Netwrix | Deserialization of Untrusted Data vulnerability in Netwrix Auditor 9.7/9.8 Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. | 9.8 |
2022-11-07 | CVE-2022-3878 | Maxonerp | SQL Injection vulnerability in Maxonerp Maxon A vulnerability classified as critical has been found in Maxon ERP. | 9.8 |
2022-11-07 | CVE-2022-43303 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Strings 0.1.0 The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-43304 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Timer 0.1.0 The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-43305 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Python 0.1.0 The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-44048 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Urls 0.1.0 The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-44049 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Python 0.1.0 The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-44050 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Networking 0.1.0 The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-44051 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Stats 0.1.0 The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-44052 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Dates 0.1.0 The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-44053 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Networking 0.1.0 The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-44054 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Xml 0.1.0 The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 9.8 |
2022-11-07 | CVE-2022-42920 | Apache Fedoraproject | Out-of-bounds Write vulnerability in multiple products Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. | 9.8 |
2022-11-07 | CVE-2022-3463 | Fluentforms | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fluentforms Contact Form The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection | 9.8 |
2022-11-07 | CVE-2022-3481 | Opmc | SQL Injection vulnerability in Opmc Woocommerce Dropshipping The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection | 9.8 |
2022-11-07 | CVE-2022-44796 | Objectfirst | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Objectfirst Object First 1.0.7.712 An issue was discovered in Object First Ootbi BETA build 1.0.7.712. | 9.8 |
2022-11-07 | CVE-2022-44797 | Btcd Project | Unspecified vulnerability in Btcd Project Btcd btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. | 9.8 |
2022-11-11 | CVE-2022-26513 | Intel | Out-of-bounds Write vulnerability in Intel XMM 7560 Firmware Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 9.6 |
2022-11-09 | CVE-2022-3890 | Google Debian | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2022-11-08 | CVE-2022-27513 | Citrix | Insufficient Verification of Data Authenticity vulnerability in Citrix Application Delivery Controller Firmware and Gateway Remote desktop takeover via phishing | 9.6 |
2022-11-10 | CVE-2022-44727 | Lineagrafica | SQL Injection vulnerability in Lineagrafica EU Cookie LAW Gdpr The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ). | 9.1 |
2022-11-09 | CVE-2022-39881 | Samsung | Out-of-bounds Read vulnerability in Samsung Exynos Firmware Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. | 9.1 |
2022-11-09 | CVE-2021-34566 | Wago | Classic Buffer Overflow vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS. | 9.1 |
2022-11-07 | CVE-2022-37865 | Apache | Path Traversal vulnerability in Apache IVY 2.4.0/2.5.0 With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. | 9.1 |
2022-11-07 | CVE-2022-42905 | Wolfssl | Out-of-bounds Read vulnerability in Wolfssl In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. | 9.1 |
2022-11-10 | CVE-2022-3726 | Gitlab | Unspecified vulnerability in Gitlab Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account. | 9.0 |
229 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-11-13 | CVE-2022-3976 | MZ Automation | Path Traversal vulnerability in Mz-Automation Libiec61850 A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. | 8.8 |
2022-11-13 | CVE-2022-3974 | Axiosys | Out-of-bounds Write vulnerability in Axiosys Bento4 20221008 A vulnerability classified as critical was found in Axiomatic Bento4. | 8.8 |
2022-11-13 | CVE-2022-3970 | Libtiff Netapp Debian Apple | Numeric Errors vulnerability in multiple products A vulnerability was found in LibTIFF. | 8.8 |
2022-11-12 | CVE-2022-40773 | Zohocorp | Improper Input Validation vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. | 8.8 |
2022-11-12 | CVE-2022-45193 | Bruhn Newtech | Incorrect Permission Assignment for Critical Resource vulnerability in Bruhn-Newtech Cbrn-Analysis CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. | 8.8 |
2022-11-11 | CVE-2022-38387 | IBM | OS Command Injection vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
2022-11-11 | CVE-2022-26341 | Intel | Insufficiently Protected Credentials vulnerability in Intel products Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 |
2022-11-11 | CVE-2022-29893 | Intel | Improper Authentication vulnerability in Intel Active Management Technology Firmware Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 |
2022-11-11 | CVE-2022-33942 | Intel | Unspecified vulnerability in Intel Data Center Manager 3.6.2 Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 |
2022-11-11 | CVE-2022-3944 | ERP Project | Unrestricted Upload of File with Dangerous Type vulnerability in ERP Project ERP A vulnerability was found in jerryhanjj ERP. | 8.8 |
2022-11-10 | CVE-2022-39038 | Flowring | Improper Authentication vulnerability in Flowring Agentflow 4.0.0.1183.552 Agentflow BPM enterprise management system has improper authentication. | 8.8 |
2022-11-10 | CVE-2022-42787 | WUT | Use of Insufficiently Random Values vulnerability in WUT products Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. | 8.8 |
2022-11-09 | CVE-2022-41047 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
2022-11-09 | CVE-2022-41048 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
2022-11-09 | CVE-2022-41062 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2022-11-09 | CVE-2022-41080 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.8 |
2022-11-09 | CVE-2022-41128 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Windows Scripting Languages Remote Code Execution Vulnerability | 8.8 |
2022-11-09 | CVE-2022-43031 | Dedecms | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 6.1.9 DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. | 8.8 |
2022-11-09 | CVE-2022-3445 | Use After Free vulnerability in Google Chrome Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | |
2022-11-09 | CVE-2022-3446 | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | |
2022-11-09 | CVE-2022-3448 | Use After Free vulnerability in Google Chrome Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. | 8.8 | |
2022-11-09 | CVE-2022-3449 | Use After Free vulnerability in Google Chrome Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 | |
2022-11-09 | CVE-2022-3450 | Use After Free vulnerability in Google Chrome Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | |
2022-11-09 | CVE-2022-28689 | Inhandnetworks | Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.45 A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. | 8.8 |
2022-11-09 | CVE-2022-30543 | Inhandnetworks | Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.45 A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. | 8.8 |
2022-11-09 | CVE-2022-3885 | Google Debian | Use After Free vulnerability in multiple products Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-11-09 | CVE-2022-3886 | Google Debian | Use After Free vulnerability in multiple products Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-11-09 | CVE-2022-3887 | Google Debian | Use After Free vulnerability in multiple products Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-11-09 | CVE-2022-3888 | Google Debian | Use After Free vulnerability in multiple products Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-11-09 | CVE-2022-3889 | Google Debian | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-11-08 | CVE-2022-41203 | SAP | Deserialization of Untrusted Data vulnerability in SAP Businessobjects Business Intelligence 4.2/4.3 In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. | 8.8 |
2022-11-08 | CVE-2022-38137 | Analytify | Cross-Site Request Forgery (CSRF) vulnerability in Analytify - Google Analytics Dashboard Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. | 8.8 |
2022-11-08 | CVE-2022-41136 | Getshortcodes | Cross-Site Request Forgery (CSRF) vulnerability in Getshortcodes Shortcodes Ultimate Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. | 8.8 |
2022-11-08 | CVE-2022-44741 | Slidervilla | Cross-Site Request Forgery (CSRF) vulnerability in Slidervilla Testimonial Slider Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. | 8.8 |
2022-11-08 | CVE-2022-41757 | ARM | Unspecified vulnerability in ARM Valhall GPU Kernel Driver An issue was discovered in the Arm Mali GPU Kernel Driver. | 8.8 |
2022-11-08 | CVE-2022-43398 | Siemens | Session Fixation vulnerability in Siemens products A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). | 8.8 |
2022-11-08 | CVE-2022-43439 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). | 8.8 |
2022-11-08 | CVE-2022-43545 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). | 8.8 |
2022-11-08 | CVE-2022-43546 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). | 8.8 |
2022-11-07 | CVE-2022-43306 | Democritus | Unrestricted Upload of File with Dangerous Type vulnerability in Democritus D8S-Timer 0.1.0 The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. | 8.8 |
2022-11-07 | CVE-2022-43318 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Human Resource Management System 1.0 Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | 8.8 |
2022-11-07 | CVE-2022-3494 | Really Simple Plugins | SQL Injection vulnerability in Really-Simple-Plugins Complianz The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. | 8.8 |
2022-11-07 | CVE-2022-3536 | Addify | Deserialization of Untrusted Data vulnerability in Addify Role Based Pricing for Woocommerce The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog | 8.8 |
2022-11-07 | CVE-2022-3537 | Addify | Unrestricted Upload of File with Dangerous Type vulnerability in Addify Role Based Pricing for Woocommerce The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP | 8.8 |
2022-11-07 | CVE-2022-44794 | Objectfirst | Unspecified vulnerability in Objectfirst Object First 1.0.7.712 An issue was discovered in Object First Ootbi BETA build 1.0.7.712. | 8.8 |
2022-11-11 | CVE-2022-41906 | Amazon | Server-Side Request Forgery (SSRF) vulnerability in Amazon Opensearch Notifications OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. | 8.7 |
2022-11-08 | CVE-2022-41214 | SAP | Improper Input Validation vulnerability in SAP Netweaver Application Server Abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. | 8.7 |
2022-11-10 | CVE-2022-39393 | Bytecodealliance | Improper Cross-boundary Removal of Sensitive Data vulnerability in Bytecodealliance Wasmtime Wasmtime is a standalone runtime for WebAssembly. | 8.6 |
2022-11-07 | CVE-2022-3872 | Qemu | Off-by-one Error vulnerability in Qemu An off-by-one read/write issue was found in the SDHCI device of QEMU. | 8.6 |
2022-11-11 | CVE-2022-27639 | Intel | Incomplete Cleanup vulnerability in Intel XMM 7560 Firmware Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 8.4 |
2022-11-11 | CVE-2022-26079 | Intel | Improper Check for Unusual or Exceptional Conditions vulnerability in Intel XMM 7560 Firmware Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | 8.2 |
2022-11-11 | CVE-2022-26367 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel XMM 7560 Firmware Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | 8.2 |
2022-11-11 | CVE-2022-28126 | Intel | Improper Input Validation vulnerability in Intel XMM 7560 Firmware Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | 8.2 |
2022-11-10 | CVE-2022-39368 | Eclipse | Incomplete Cleanup vulnerability in Eclipse Californium Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. | 8.2 |
2022-11-09 | CVE-2021-34567 | Wago | Out-of-bounds Read vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read. | 8.2 |
2022-11-13 | CVE-2022-3979 | Nagvis | Incorrect Type Conversion or Cast vulnerability in Nagvis A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. | 8.1 |
2022-11-13 | CVE-2022-3964 | Ffmpeg | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg A vulnerability classified as problematic has been found in ffmpeg. | 8.1 |
2022-11-13 | CVE-2022-3965 | Ffmpeg | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg 5.0/5.0.1/5.1 A vulnerability classified as problematic was found in ffmpeg. | 8.1 |
2022-11-11 | CVE-2022-26369 | Intel | Out-of-bounds Read vulnerability in Intel XMM 7560 Firmware Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 8.1 |
2022-11-09 | CVE-2022-37966 | Microsoft Fedoraproject Netapp Samba | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | 8.1 |
2022-11-09 | CVE-2022-38023 | Microsoft Fedoraproject Netapp Samba | Netlogon RPC Elevation of Privilege Vulnerability | 8.1 |
2022-11-09 | CVE-2022-39306 | Grafana | Improper Input Validation vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 8.1 |
2022-11-09 | CVE-2022-41039 | Microsoft | Race Condition vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-11-09 | CVE-2022-41044 | Microsoft | Race Condition vulnerability in Microsoft Windows 7 and Windows Server 2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-11-09 | CVE-2022-41088 | Microsoft | Race Condition vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
2022-11-09 | CVE-2022-29888 | Inhandnetworks | Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.45 A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. | 8.1 |
2022-11-08 | CVE-2022-39328 | Grafana | Race Condition vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 8.1 |
2022-11-08 | CVE-2022-44311 | Html2Xhtml Project | Out-of-bounds Read vulnerability in Html2Xhtml Project Html2Xhtml 1.3 html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. | 8.1 |
2022-11-09 | CVE-2022-41078 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 8.0 |
2022-11-09 | CVE-2022-41079 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 8.0 |
2022-11-07 | CVE-2022-3558 | Codection | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codection Import and Export Users and Customers The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. | 8.0 |
2022-11-13 | CVE-2022-3967 | Vestacp | Improper Enforcement of Message or Data Structure vulnerability in Vestacp Control Panel A vulnerability, which was classified as critical, was found in Vesta Control Panel. | 7.8 |
2022-11-12 | CVE-2022-45188 | Netatalk Debian Fedoraproject | Out-of-bounds Write vulnerability in multiple products Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. | 7.8 |
2022-11-12 | CVE-2022-41339 | Zohocorp | Unspecified vulnerability in Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4 In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. | 7.8 |
2022-11-11 | CVE-2022-41882 | Nextcloud | Code Injection vulnerability in Nextcloud Desktop 3.6.0 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. | 7.8 |
2022-11-11 | CVE-2021-33064 | Intel | Uncontrolled Search Path Element vulnerability in Intel System Studio Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-26024 | Intel | Unspecified vulnerability in Intel products Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-26124 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-27187 | Intel | Uncontrolled Search Path Element vulnerability in Intel Quartus Prime Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-27638 | Intel | Uncontrolled Search Path Element vulnerability in Intel Advanced Link Analyzer Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-30297 | Intel | Cross-site Scripting vulnerability in Intel Endpoint Management Assistant Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-30548 | Intel | Uncontrolled Search Path Element vulnerability in Intel Glorp 1.0.0 Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-36370 | Intel | Improper Authentication vulnerability in Intel products Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-36377 | Intel | Incorrect Default Permissions vulnerability in Intel NUC KIT Wireless Adapter Driver Installer Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-36400 | Intel | Path Traversal vulnerability in Intel NUC KIT Wireless Adapter Driver Installer Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-36789 | Intel | Unspecified vulnerability in Intel products Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-37334 | Intel | Improper Initialization vulnerability in Intel products Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-37345 | Intel | Improper Authentication vulnerability in Intel products Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-11 | CVE-2022-38099 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-11-09 | CVE-2022-37992 | Microsoft | Unspecified vulnerability in Microsoft products Windows Group Policy Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-39880 | Improper Input Validation vulnerability in Google Android 11.0/12.0 Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. | 7.8 | |
2022-11-09 | CVE-2022-39882 | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. | 7.8 | |
2022-11-09 | CVE-2022-39883 | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. | 7.8 | |
2022-11-09 | CVE-2022-41045 | Microsoft | Race Condition vulnerability in Microsoft products Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41050 | Microsoft | Unspecified vulnerability in Microsoft products Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41051 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41052 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41054 | Microsoft | Unspecified vulnerability in Microsoft products Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41057 | Microsoft | Unspecified vulnerability in Microsoft products Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41061 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Word Remote Code Execution Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41063 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability. | 7.8 |
2022-11-09 | CVE-2022-41073 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41092 | Microsoft | Unspecified vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022 Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41093 | Microsoft | Race Condition vulnerability in Microsoft products Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41095 | Microsoft | Unspecified vulnerability in Microsoft products Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41096 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41100 | Microsoft | Race Condition vulnerability in Microsoft products Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41101 | Microsoft | Unspecified vulnerability in Microsoft products Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41102 | Microsoft | Unspecified vulnerability in Microsoft products Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41106 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability. | 7.8 |
2022-11-09 | CVE-2022-41107 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Office Graphics Remote Code Execution Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41109 | Microsoft | Unspecified vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41113 | Microsoft | Unspecified vulnerability in Microsoft products Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41119 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2017 Visual Studio Remote Code Execution Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41120 | Microsoft | Unspecified vulnerability in Microsoft Windows Sysmon Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41123 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2022-41125 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
2022-11-09 | CVE-2020-12930 | AMD | Unspecified vulnerability in AMD products Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
2022-11-09 | CVE-2020-12931 | AMD | Unspecified vulnerability in AMD products Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
2022-11-09 | CVE-2021-26360 | AMD | Unspecified vulnerability in AMD products An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. | 7.8 |
2022-11-09 | CVE-2021-26391 | AMD | Unspecified vulnerability in AMD products Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. | 7.8 |
2022-11-09 | CVE-2021-26392 | AMD | Out-of-bounds Write vulnerability in AMD products Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | 7.8 |
2022-11-09 | CVE-2022-43310 | Foxitsoftware | Uncontrolled Search Path Element vulnerability in Foxitsoftware Foxit Reader An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. | 7.8 |
2022-11-09 | CVE-2022-32588 | Accusoft | Out-of-bounds Write vulnerability in Accusoft Imagegear 20.0 An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. | 7.8 |
2022-11-09 | CVE-2022-31253 | Opensuse | Untrusted Search Path vulnerability in Opensuse Openldap2 A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. | 7.8 |
2022-11-08 | CVE-2021-1050 | Out-of-bounds Write vulnerability in Google Android In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2022-11-08 | CVE-2021-39661 | Out-of-bounds Write vulnerability in Google Android In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2022-11-08 | CVE-2022-20441 | Unspecified vulnerability in Google Android In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. | 7.8 | |
2022-11-08 | CVE-2022-20450 | Missing Authorization vulnerability in Google Android In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. | 7.8 | |
2022-11-08 | CVE-2022-20451 | Missing Authorization vulnerability in Google Android In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. | 7.8 | |
2022-11-08 | CVE-2022-20452 | Unspecified vulnerability in Google Android 13.0 In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. | 7.8 | |
2022-11-08 | CVE-2022-20462 | Out-of-bounds Write vulnerability in Google Android In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. | 7.8 | |
2022-11-08 | CVE-2022-41211 | SAP | Out-of-bounds Write vulnerability in SAP products Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
2022-11-08 | CVE-2022-32601 | Deserialization of Untrusted Data vulnerability in Google Android 10.0/11.0/12.0 In telephony, there is a possible permission bypass due to a parcel format mismatch. | 7.8 | |
2022-11-08 | CVE-2022-39377 | Sysstat Project Debian Fedoraproject | Incorrect Calculation of Buffer Size vulnerability in multiple products sysstat is a set of system performance tools for the Linux operating system. | 7.8 |
2022-11-08 | CVE-2022-39136 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). | 7.8 |
2022-11-08 | CVE-2022-39157 | Siemens | Out-of-bounds Read vulnerability in Siemens Parasolid 34.0.252/34.1.242/35.0.170 A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184), Simcenter Femap (All versions < V2023.1). | 7.8 |
2022-11-08 | CVE-2022-41660 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). | 7.8 |
2022-11-08 | CVE-2022-41661 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). | 7.8 |
2022-11-08 | CVE-2022-41662 | Siemens | Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). | 7.8 |
2022-11-08 | CVE-2022-41663 | Siemens | Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). | 7.8 |
2022-11-08 | CVE-2022-41664 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). | 7.8 |
2022-11-08 | CVE-2022-43397 | Siemens | Out-of-bounds Write vulnerability in Siemens Parasolid A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Simcenter Femap (All versions < V2023.1). | 7.8 |
2022-11-08 | CVE-2022-39343 | Microsoft | Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft Azure Rtos Filex Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. | 7.8 |
2022-11-07 | CVE-2022-43359 | Gifdec Project | Out-of-bounds Read vulnerability in Gifdec Project Gifdec Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read in the function read_image_data. | 7.8 |
2022-11-07 | CVE-2022-44747 | Acronis | Link Following vulnerability in Acronis Cyber Protect Home Office Local privilege escalation due to improper soft link handling. | 7.8 |
2022-11-07 | CVE-2022-44732 | Acronis | Incorrect Permission Assignment for Critical Resource vulnerability in Acronis Cyber Protect Home Office Local privilege escalation due to insecure folder permissions. | 7.8 |
2022-11-07 | CVE-2022-44733 | Acronis | Incorrect Permission Assignment for Critical Resource vulnerability in Acronis Cyber Protect Home Office Local privilege escalation due to insecure folder permissions. | 7.8 |
2022-11-07 | CVE-2022-37710 | Pattersondental | Use of Hard-coded Credentials vulnerability in Pattersondental Eaglesoft 21.0 Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. | 7.8 |
2022-11-07 | CVE-2022-42919 | Python Fedoraproject | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. | 7.8 |
2022-11-08 | CVE-2022-43958 | Siemens | Unprotected Storage of Credentials vulnerability in Siemens QMS Automotive A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). | 7.6 |
2022-11-13 | CVE-2022-3966 | Ultimatemember | Path Traversal vulnerability in Ultimatemember Ultimate Member A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. | 7.5 |
2022-11-12 | CVE-2022-45196 | Hyperledger | Always-Incorrect Control Flow Implementation vulnerability in Hyperledger Fabric 2.3 Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. | 7.5 |
2022-11-11 | CVE-2022-26508 | Intel | Improper Authentication vulnerability in Intel Server Debug and Provisioning Tool Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2022-11-11 | CVE-2022-27233 | Intel | XML Injection (aka Blind XPath Injection) vulnerability in Intel Quartus Prime XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2022-11-11 | CVE-2022-27497 | Intel | NULL Pointer Dereference vulnerability in Intel Active Management Technology Firmware Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2022-11-10 | CVE-2022-40225 | Siemens | Incorrect Conversion between Numeric Types vulnerability in Siemens Siplus TIM 1531 IRC Firmware 2.3.6 A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). | 7.5 |
2022-11-10 | CVE-2022-41607 | Etictelecom | Path Traversal vulnerability in Etictelecom Remote Access Server Firmware 4.5.0 All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. | 7.5 |
2022-11-10 | CVE-2022-41719 | Messagepack Project | Unspecified vulnerability in Messagepack Project Messagepack Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. | 7.5 |
2022-11-10 | CVE-2021-40226 | Glyphandcog | Out-of-bounds Write vulnerability in Glyphandcog Xpdfreader 4.03 xpdfreader 4.03 is vulnerable to Buffer Overflow. | 7.5 |
2022-11-10 | CVE-2022-38122 | Upspowercom | Cleartext Transmission of Sensitive Information vulnerability in Upspowercom Upsmon PRO 2.57 UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. | 7.5 |
2022-11-10 | CVE-2022-39037 | Flowring | Path Traversal vulnerability in Flowring Agentflow 4.0.0.1183.552 Agentflow BPM file download function has a path traversal vulnerability. | 7.5 |
2022-11-10 | CVE-2022-45129 | Payara | Files or Directories Accessible to External Parties vulnerability in Payara Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. | 7.5 |
2022-11-09 | CVE-2022-3285 | Gitlab | Unspecified vulnerability in Gitlab Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab | 7.5 |
2022-11-09 | CVE-2022-39890 | Samsung | Unspecified vulnerability in Samsung Billing Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. | 7.5 |
2022-11-09 | CVE-2022-39891 | Samsung | Out-of-bounds Write vulnerability in Samsung Editor Lite 4.0.40.14 Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information. | 7.5 |
2022-11-09 | CVE-2022-41053 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kerberos Denial of Service Vulnerability | 7.5 |
2022-11-09 | CVE-2022-41056 | Microsoft | Unspecified vulnerability in Microsoft products Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | 7.5 |
2022-11-09 | CVE-2022-41058 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
2022-11-09 | CVE-2022-41085 | Microsoft | Unspecified vulnerability in Microsoft Azure Cyclecloud 7.0/8.0 Azure CycleCloud Elevation of Privilege Vulnerability | 7.5 |
2022-11-09 | CVE-2022-41118 | Microsoft | Race Condition vulnerability in Microsoft products Windows Scripting Languages Remote Code Execution Vulnerability | 7.5 |
2022-11-09 | CVE-2021-46852 | Huawei | Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos The memory management module has the logic bypass vulnerability. | 7.5 |
2022-11-09 | CVE-2022-23831 | AMD | Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502 Insufficient validation of the IOCTL input buffer in AMD µProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | 7.5 |
2022-11-09 | CVE-2022-27673 | AMD | Unspecified vulnerability in AMD Link Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. | 7.5 |
2022-11-09 | CVE-2022-27674 | AMD | Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502 Insufficient validation in the IOCTL input/output buffer in AMD µProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | 7.5 |
2022-11-09 | CVE-2022-44546 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. | 7.5 |
2022-11-09 | CVE-2022-44547 | Huawei | Use After Free vulnerability in Huawei Emui and Harmonyos The Display Service module has a UAF vulnerability. | 7.5 |
2022-11-09 | CVE-2022-44549 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The LBS module has a vulnerability in geofencing API access. | 7.5 |
2022-11-09 | CVE-2022-44550 | Huawei | Use After Free vulnerability in Huawei Emui and Harmonyos The graphics display module has a UAF vulnerability when traversing graphic layers. | 7.5 |
2022-11-09 | CVE-2022-44552 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The lock screen module has defects introduced in the design process. | 7.5 |
2022-11-09 | CVE-2022-44554 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The power module has a vulnerability in permission verification. | 7.5 |
2022-11-09 | CVE-2022-44555 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The DDMP/ODMF module has a service hijacking vulnerability. | 7.5 |
2022-11-09 | CVE-2022-44557 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. | 7.5 |
2022-11-09 | CVE-2022-44561 | Huawei | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos The preset launcher module has a permission verification vulnerability. | 7.5 |
2022-11-09 | CVE-2022-42964 | Pymatgen | Unspecified vulnerability in Pymatgen An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method | 7.5 |
2022-11-09 | CVE-2022-42965 | Snowflake | Unspecified vulnerability in Snowflake Snowflake-Connector-Python An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method | 7.5 |
2022-11-09 | CVE-2022-42966 | Python Poetry | Unspecified vulnerability in Python-Poetry Cleo An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method | 7.5 |
2022-11-09 | CVE-2021-34579 | Phoenixcontact | Unspecified vulnerability in Phoenixcontact FL Mguard DM 1.12.0/1.13.0 In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). | 7.5 |
2022-11-09 | CVE-2021-34568 | Wago | Allocation of Resources Without Limits or Throttling vulnerability in Wago products In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. | 7.5 |
2022-11-09 | CVE-2022-45061 | Python Fedoraproject Netapp | Algorithmic Complexity vulnerability in multiple products An issue was discovered in Python before 3.11.1. | 7.5 |
2022-11-09 | CVE-2022-45059 | Varnish Cache Project Fedoraproject | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. | 7.5 |
2022-11-09 | CVE-2022-45060 | Varnish Software Varnish Cache Project Fedoraproject Debian | An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. | 7.5 |
2022-11-08 | CVE-2022-20445 | Improper Validation of Specified Quantity in Input vulnerability in Google Android In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. | 7.5 | |
2022-11-08 | CVE-2022-39386 | Fastify | Unspecified vulnerability in Fastify Websocket @fastify/websocket provides WebSocket support for Fastify. | 7.5 |
2022-11-08 | CVE-2022-26446 | Mediatek | Reachable Assertion vulnerability in Mediatek products In Modem 4G RRC, there is a possible system crash due to improper input validation. | 7.5 |
2022-11-08 | CVE-2022-44556 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos Missing parameter type validation in the DRM module. | 7.5 |
2022-11-08 | CVE-2022-43343 | N Prolog Project | Classic Buffer Overflow vulnerability in N-Prolog Project N-Prolog 1.91 N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c. | 7.5 |
2022-11-07 | CVE-2022-43319 | Simple E Learning System Project | Unspecified vulnerability in Simple E-Learning System Project Simple E-Learning System 1.0 An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. | 7.5 |
2022-11-07 | CVE-2022-37866 | Apache | Path Traversal vulnerability in Apache IVY When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. | 7.5 |
2022-11-07 | CVE-2022-42955 | Passwork | Cleartext Storage of Sensitive Information vulnerability in Passwork 5.0.9 The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. | 7.5 |
2022-11-07 | CVE-2022-42956 | Passwork | Cleartext Storage of Sensitive Information vulnerability in Passwork 5.0.9 The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. | 7.5 |
2022-11-07 | CVE-2020-12509 | Badgermeter | Path Traversal vulnerability in Badgermeter Moni::Tool In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. | 7.5 |
2022-11-10 | CVE-2022-39392 | Bytecodealliance | Out-of-bounds Write vulnerability in Bytecodealliance Wasmtime Wasmtime is a standalone runtime for WebAssembly. | 7.4 |
2022-11-11 | CVE-2022-26028 | Intel | Uncontrolled Search Path Element vulnerability in Intel Vtune Profiler Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2022-11-11 | CVE-2022-26086 | Intel | Uncontrolled Search Path Element vulnerability in Intel Gametechdev Presentmon Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2022-11-11 | CVE-2022-36380 | Intel | Uncontrolled Search Path Element vulnerability in Intel NUC KIT Wireless Adapter Driver Installer Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2022-11-11 | CVE-2022-36384 | Intel | Unquoted Search Path or Element vulnerability in Intel NUC KIT Wireless Adapter Driver Installer Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2022-11-07 | CVE-2022-44744 | Acronis | Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect Home Office Local privilege escalation due to DLL hijacking vulnerability. | 7.3 |
2022-11-11 | CVE-2022-26045 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel XMM 7560 Firmware Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | 7.2 |
2022-11-11 | CVE-2022-27874 | Intel | Improper Authentication vulnerability in Intel XMM 7560 Firmware Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | 7.2 |
2022-11-11 | CVE-2022-28611 | Intel | Improper Input Validation vulnerability in Intel XMM 7560 Firmware Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | 7.2 |
2022-11-09 | CVE-2022-37967 | Microsoft Fedoraproject Netapp Samba | Windows Kerberos Elevation of Privilege Vulnerability | 7.2 |
2022-11-09 | CVE-2022-43277 | Canteen Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Canteen Management System Project Canteen Management System 1.0 Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. | 7.2 |
2022-11-09 | CVE-2022-43278 | Canteen Management System Project | SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. | 7.2 |
2022-11-09 | CVE-2022-43290 | Canteen Management System Project | SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. | 7.2 |
2022-11-09 | CVE-2022-43291 | Canteen Management System Project | SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. | 7.2 |
2022-11-09 | CVE-2022-43292 | Canteen Management System Project | SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. | 7.2 |
2022-11-07 | CVE-2022-43049 | Canteen Management System Project | SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0 Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. | 7.2 |
2022-11-07 | CVE-2022-43050 | Online Tours AND Travels Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Online Tours and Travels Management System Project Online Tours and Travels Management System 1.0 Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. | 7.2 |
2022-11-07 | CVE-2022-43051 | Online Diagnostic LAB Management System Project | SQL Injection vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. | 7.2 |
2022-11-07 | CVE-2022-43052 | Online Diagnostic LAB Management System Project | SQL Injection vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. | 7.2 |
2022-11-07 | CVE-2022-42990 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0 Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. | 7.2 |
2022-11-07 | CVE-2022-43350 | Sanitization Management System Project | SQL Injection vulnerability in Sanitization Management System Project Sanitization Management System 1.0 Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. | 7.2 |
2022-11-07 | CVE-2022-43352 | Sanitization Management System Project | SQL Injection vulnerability in Sanitization Management System Project Sanitization Management System 1.0 Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. | 7.2 |
2022-11-07 | CVE-2022-2711 | Soflyy | Path Traversal vulnerability in Soflyy WP ALL Import The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. | 7.2 |
2022-11-07 | CVE-2022-3418 | Soflyy | Code Injection vulnerability in Soflyy WP ALL Import The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files | 7.2 |
2022-11-11 | CVE-2022-3952 | Manydesigns | Exposure of Resource to Wrong Sphere vulnerability in Manydesigns Portofino 5.3.2 A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. | 7.1 |
2022-11-09 | CVE-2022-38014 | Microsoft | Race Condition vulnerability in Microsoft products Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | 7.0 |
2022-11-09 | CVE-2022-41114 | Microsoft | Race Condition vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022 Windows Bind Filter Driver Elevation of Privilege Vulnerability | 7.0 |
197 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-11-08 | CVE-2022-32617 | Incorrect Calculation of Buffer Size vulnerability in Google Android 11.0/12.0/13.0 In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. | 6.8 | |
2022-11-08 | CVE-2022-32618 | Incorrect Calculation of Buffer Size vulnerability in Google Android 11.0/12.0/13.0 In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. | 6.8 | |
2022-11-11 | CVE-2021-33159 | Intel | Improper Authentication vulnerability in Intel Active Management Technology Firmware Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-11-11 | CVE-2021-33164 | Intel | Unspecified vulnerability in Intel products Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-11-11 | CVE-2022-21794 | Intel | Improper Authentication vulnerability in Intel products Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-11-11 | CVE-2022-26006 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-11-11 | CVE-2022-30542 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access. | 6.7 |
2022-11-11 | CVE-2022-32569 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-11-11 | CVE-2022-33176 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-11-11 | CVE-2022-34152 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-11-11 | CVE-2022-35276 | Intel | Unspecified vulnerability in Intel products Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-11-10 | CVE-2021-0185 | Intel | Improper Input Validation vulnerability in Intel M10Jnp2Sb Firmware 7.209/7.210 Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access. | 6.7 |
2022-11-09 | CVE-2022-0031 | Paloaltonetworks | Insufficient Verification of Data Authenticity vulnerability in Paloaltonetworks Cortex Xsoar 6.5.0/6.6.0/6.8.0 A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. | 6.7 |
2022-11-08 | CVE-2022-20454 | Integer Overflow or Wraparound vulnerability in Google Android In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. | 6.7 | |
2022-11-08 | CVE-2022-21778 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In vpu, there is a possible information disclosure due to an incorrect bounds check. | 6.7 | |
2022-11-08 | CVE-2022-32603 | Out-of-bounds Write vulnerability in Google Android 12.0 In gpu drm, there is a possible out of bounds write due to improper input validation. | 6.7 | |
2022-11-08 | CVE-2022-32605 | Out-of-bounds Write vulnerability in Google Android 12.0 In isp, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 | |
2022-11-08 | CVE-2022-32607 | Use After Free vulnerability in Google Android 11.0/12.0 In aee, there is a possible use after free due to a missing bounds check. | 6.7 | |
2022-11-08 | CVE-2022-32611 | Out-of-bounds Write vulnerability in Google Android 11.0/12.0 In isp, there is a possible out of bounds write due to a missing bounds check. | 6.7 | |
2022-11-08 | CVE-2022-32614 | Double Free vulnerability in Google Android 12.0 In audio, there is a possible memory corruption due to a logic error. | 6.7 | |
2022-11-08 | CVE-2022-32615 | Use of Uninitialized Resource vulnerability in Google Android 12.0 In ccd, there is a possible out of bounds write due to uninitialized data. | 6.7 | |
2022-11-08 | CVE-2022-32616 | Use of Uninitialized Resource vulnerability in Google Android 12.0 In isp, there is a possible out of bounds write due to uninitialized data. | 6.7 | |
2022-11-09 | CVE-2022-44244 | LIN CMS Project | Improper Authentication vulnerability in Lin-Cms Project Lin-Cms 0.2.1 An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | 6.6 |
2022-11-11 | CVE-2022-31772 | IBM | Improper Input Validation vulnerability in IBM MQ IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. | 6.5 |
2022-11-11 | CVE-2022-41904 | Element | Unspecified vulnerability in Element Element iOS is an iOS Matrix client provided by Element. | 6.5 |
2022-11-11 | CVE-2021-26251 | Intel | Improper Input Validation vulnerability in Intel Openvino 2018 Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. | 6.5 |
2022-11-11 | CVE-2022-26047 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access. | 6.5 |
2022-11-11 | CVE-2022-28667 | Intel | Out-of-bounds Write vulnerability in Intel products Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 |
2022-11-11 | CVE-2022-3957 | Gpac | Improper Resource Shutdown or Release vulnerability in Gpac A vulnerability classified as problematic was found in GPAC. | 6.5 |
2022-11-11 | CVE-2022-41854 | Snakeyaml Project Fedoraproject | Out-of-bounds Write vulnerability in multiple products Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). | 6.5 |
2022-11-10 | CVE-2022-38120 | Upspowercom | Path Traversal vulnerability in Upspowercom Upsmon PRO 2.57 UPSMON PRO’s has a path traversal vulnerability. | 6.5 |
2022-11-10 | CVE-2022-38121 | Upspowercom | Insufficiently Protected Credentials vulnerability in Upspowercom Upsmon PRO 2.57 UPSMON PRO configuration file stores user password in plaintext under public user directory. | 6.5 |
2022-11-10 | CVE-2022-45130 | Plesk | Cross-Site Request Forgery (CSRF) vulnerability in Plesk Obsidian Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. | 6.5 |
2022-11-09 | CVE-2022-38015 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Denial of Service Vulnerability | 6.5 |
2022-11-09 | CVE-2022-41097 | Microsoft | Unspecified vulnerability in Microsoft products Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | 6.5 |
2022-11-09 | CVE-2022-41122 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SharePoint Server Spoofing Vulnerability | 6.5 |
2022-11-09 | CVE-2022-26023 | Inhandnetworks | Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.45 A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. | 6.5 |
2022-11-09 | CVE-2022-29481 | Inhandnetworks | Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.45 A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. | 6.5 |
2022-11-09 | CVE-2021-34577 | Kadenvodomery | Use of Hard-coded Credentials vulnerability in Kadenvodomery Picoflux AIR Firmware In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. | 6.5 |
2022-11-09 | CVE-2022-41978 | Zohocorp | Unspecified vulnerability in Zohocorp Zoho CRM Lead Magnet Auth. | 6.5 |
2022-11-08 | CVE-2022-20447 | Use After Free vulnerability in Google Android 13.0 In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. | 6.5 | |
2022-11-08 | CVE-2022-41258 | SAP | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010 Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. | 6.5 |
2022-11-08 | CVE-2022-41259 | SAP | Unspecified vulnerability in SAP SQL Anywhere 17.0 SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | 6.5 |
2022-11-08 | CVE-2022-40128 | Algolplus | Cross-Site Request Forgery (CSRF) vulnerability in Algolplus Advanced Order Export Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. | 6.5 |
2022-11-08 | CVE-2022-42494 | Aioseo | Server-Side Request Forgery (SSRF) vulnerability in Aioseo ALL in ONE SEO Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. | 6.5 |
2022-11-07 | CVE-2022-38164 | F Secure | Unspecified vulnerability in F-Secure Safe A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. | 6.5 |
2022-11-07 | CVE-2022-43351 | Sanitization Management System Project | Unspecified vulnerability in Sanitization Management System Project Sanitization Management System 1.0 Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | 6.5 |
2022-11-07 | CVE-2022-44795 | Objectfirst | Use of Insufficiently Random Values vulnerability in Objectfirst Object First 1.0.7.712 An issue was discovered in Object First Ootbi BETA build 1.0.7.712. | 6.5 |
2022-11-07 | CVE-2022-44792 | NET Snmp | NULL Pointer Dereference vulnerability in Net-Snmp handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 6.5 |
2022-11-07 | CVE-2022-44793 | NET Snmp | NULL Pointer Dereference vulnerability in Net-Snmp handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 6.5 |
2022-11-11 | CVE-2022-21198 | Intel | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Intel products Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.4 |
2022-11-09 | CVE-2022-41086 | Microsoft | Race Condition vulnerability in Microsoft products Windows Group Policy Elevation of Privilege Vulnerability | 6.4 |
2022-11-08 | CVE-2022-32608 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 12.0 In jpeg, there is a possible use after free due to a race condition. | 6.4 | |
2022-11-08 | CVE-2022-32609 | Improper Synchronization vulnerability in Google Android 11.0/12.0/13.0 In vcu, there is a possible use after free due to a race condition. | 6.4 | |
2022-11-08 | CVE-2022-32610 | Improper Synchronization vulnerability in Google Android 11.0/12.0/13.0 In vcu, there is a possible use after free due to a race condition. | 6.4 | |
2022-11-08 | CVE-2022-32612 | Race Condition vulnerability in Google Android 11.0/12.0/13.0 In vcu, there is a possible use after free due to a race condition. | 6.4 | |
2022-11-08 | CVE-2022-32613 | Race Condition vulnerability in Google Android 11.0/12.0/13.0 In vcu, there is a possible memory corruption due to a race condition. | 6.4 | |
2022-11-13 | CVE-2022-3975 | Nukeviet | Improper Enforcement of Message or Data Structure vulnerability in Nukeviet A vulnerability, which was classified as problematic, has been found in NukeViet CMS. | 6.1 |
2022-11-13 | CVE-2022-3968 | Emlog | Cross-site Scripting vulnerability in Emlog A vulnerability has been found in emlog and classified as problematic. | 6.1 |
2022-11-11 | CVE-2022-41905 | Wsgidav Project | Cross-site Scripting vulnerability in Wsgidav Project Wsgidav WsgiDAV is a generic and extendable WebDAV server based on WSGI. | 6.1 |
2022-11-11 | CVE-2022-3950 | Publiccms | Cross-site Scripting vulnerability in Publiccms A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. | 6.1 |
2022-11-11 | CVE-2022-3949 | Simple Cashiering System Project | Cross-site Scripting vulnerability in Simple Cashiering System Project Simple Cashiering System 1.0 A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. | 6.1 |
2022-11-11 | CVE-2022-3942 | Sanitization Management System Project | Cross-site Scripting vulnerability in Sanitization Management System Project Sanitization Management System A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. | 6.1 |
2022-11-10 | CVE-2022-35740 | Dotcms | Cross-site Scripting vulnerability in Dotcms dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. | 6.1 |
2022-11-10 | CVE-2021-40289 | MM WKI Project | Cross-site Scripting vulnerability in Mm-Wki Project Mm-Wki 0.2.1 mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2022-11-10 | CVE-2022-39398 | Infotel | Cross-site Scripting vulnerability in Infotel Tasklists tasklists is a tasklists plugin for GLPI (Kanban). | 6.1 |
2022-11-09 | CVE-2022-3280 | Gitlab | Open Redirect vulnerability in Gitlab An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. | 6.1 |
2022-11-09 | CVE-2022-3486 | Gitlab | Open Redirect vulnerability in Gitlab An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. | 6.1 |
2022-11-09 | CVE-2022-31688 | Vmware | Cross-site Scripting vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. | 6.1 |
2022-11-09 | CVE-2022-43118 | Flatcore | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.1.0 A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. | 6.1 |
2022-11-09 | CVE-2022-43119 | Csphere | Cross-site Scripting vulnerability in Csphere Clansphere 2011.4 A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. | 6.1 |
2022-11-09 | CVE-2022-43120 | Intelliants | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field. | 6.1 |
2022-11-09 | CVE-2022-43121 | Intelliants | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. | 6.1 |
2022-11-09 | CVE-2022-43320 | Feehi | Cross-site Scripting vulnerability in Feehi Feehicms 2.1.1 FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. | 6.1 |
2022-11-09 | CVE-2022-43321 | Shopwind | Cross-site Scripting vulnerability in Shopwind 3.4.3 Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. | 6.1 |
2022-11-08 | CVE-2022-41205 | SAP | Code Injection vulnerability in SAP GUI 7.70 SAP GUI allows an authenticated attacker to execute scripts in the local network. | 6.1 |
2022-11-08 | CVE-2022-41207 | SAP | Open Redirect vulnerability in SAP Biller Direct 635/750 SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. | 6.1 |
2022-11-08 | CVE-2022-41260 | SAP | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010 SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. | 6.1 |
2022-11-08 | CVE-2022-33322 | Mitsubishielectric | Cross-site Scripting vulnerability in Mitsubishielectric products Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. | 6.1 |
2022-11-08 | CVE-2022-27914 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! An issue was discovered in Joomla! 4.0.0 through 4.2.4. | 6.1 |
2022-11-08 | CVE-2022-36077 | Electronjs | Insufficiently Protected Credentials vulnerability in Electronjs Electron The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. | 6.1 |
2022-11-08 | CVE-2022-41434 | Eyesofnetwork | Cross-site Scripting vulnerability in Eyesofnetwork web Interface 5.3 EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. | 6.1 |
2022-11-07 | CVE-2022-43317 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Human Resource Management System 1.0 A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
2022-11-07 | CVE-2022-3873 | Diagrams | Cross-site Scripting vulnerability in Diagrams Drawio Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. | 6.1 |
2022-11-09 | CVE-2022-41090 | Microsoft | Race Condition vulnerability in Microsoft products Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 5.9 |
2022-11-09 | CVE-2022-41116 | Microsoft | Race Condition vulnerability in Microsoft Windows 7 and Windows Server 2008 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 5.9 |
2022-11-09 | CVE-2022-44563 | Huawei | Race Condition vulnerability in Huawei Emui and Harmonyos There is a race condition vulnerability in SD upgrade mode. | 5.9 |
2022-11-09 | CVE-2022-41064 | Microsoft | Unspecified vulnerability in Microsoft .Net Framework and Nuget .NET Framework Information Disclosure Vulnerability | 5.8 |
2022-11-13 | CVE-2022-3971 | Matrix | Improper Enforcement of Message or Data Structure vulnerability in Matrix IRC Bridge A vulnerability was found in matrix-appservice-irc up to 0.35.1. | 5.6 |
2022-11-13 | CVE-2022-3969 | Openkm | Insecure Temporary File vulnerability in Openkm A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. | 5.5 |
2022-11-11 | CVE-2022-29466 | Intel | Improper Input Validation vulnerability in Intel Server Platform Services Firmware Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2022-11-11 | CVE-2022-29515 | Intel | Memory Leak vulnerability in Intel Server Platform Services Firmware Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. | 5.5 |
2022-11-11 | CVE-2022-30691 | Intel | Resource Exhaustion vulnerability in Intel Support 21.7.40 Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2022-11-11 | CVE-2022-36349 | Intel | Insecure Default Initialization of Resource vulnerability in Intel products Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2022-11-10 | CVE-2022-34666 | Nvidia | NULL Pointer Dereference vulnerability in Nvidia Cloud Gaming and Virtual GPU NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 5.5 |
2022-11-09 | CVE-2022-41055 | Microsoft | Unspecified vulnerability in Microsoft products Windows Human Interface Device Information Disclosure Vulnerability | 5.5 |
2022-11-09 | CVE-2022-41060 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Word Information Disclosure Vulnerability | 5.5 |
2022-11-09 | CVE-2022-41098 | Microsoft | Unspecified vulnerability in Microsoft products Windows GDI+ Information Disclosure Vulnerability | 5.5 |
2022-11-09 | CVE-2022-41103 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Word Information Disclosure Vulnerability | 5.5 |
2022-11-09 | CVE-2022-41104 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Excel and Office Microsoft Excel Security Feature Bypass Vulnerability | 5.5 |
2022-11-09 | CVE-2022-41105 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Excel Information Disclosure Vulnerability | 5.5 |
2022-11-09 | CVE-2021-26393 | AMD | Memory Leak vulnerability in AMD products Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. | 5.5 |
2022-11-09 | CVE-2022-23824 | XEN AMD Fedoraproject | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | 5.5 |
2022-11-08 | CVE-2022-20414 | Improper Handling of Exceptional Conditions vulnerability in Google Android In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. | 5.5 | |
2022-11-08 | CVE-2022-20426 | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. | 5.5 | |
2022-11-08 | CVE-2022-20448 | Unspecified vulnerability in Google Android In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. | 5.5 | |
2022-11-08 | CVE-2022-20453 | Path Traversal vulnerability in Google Android In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. | 5.5 | |
2022-11-08 | CVE-2022-20457 | Improper Input Validation vulnerability in Google Android 13.0 In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. | 5.5 | |
2022-11-08 | CVE-2022-3821 | Systemd Project Redhat Fedoraproject | Off-by-one Error vulnerability in multiple products An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. | 5.5 |
2022-11-08 | CVE-2022-32602 | Out-of-bounds Read vulnerability in Google Android 11.0/12.0 In keyinstall, there is a possible out of bounds read due to a missing bounds check. | 5.5 | |
2022-11-08 | CVE-2022-44312 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator. | 5.5 |
2022-11-08 | CVE-2022-44313 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall. | 5.5 |
2022-11-08 | CVE-2022-44314 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. | 5.5 |
2022-11-08 | CVE-2022-44315 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall. | 5.5 |
2022-11-08 | CVE-2022-44316 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken. | 5.5 |
2022-11-08 | CVE-2022-44317 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall. | 5.5 |
2022-11-08 | CVE-2022-44318 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall. | 5.5 |
2022-11-08 | CVE-2022-44319 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall. | 5.5 |
2022-11-08 | CVE-2022-44320 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall. | 5.5 |
2022-11-08 | CVE-2022-44321 | Picoc Project | Out-of-bounds Write vulnerability in Picoc Project Picoc 3.2.2 PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. | 5.5 |
2022-11-07 | CVE-2022-44745 | Acronis | Information Exposure Through Log Files vulnerability in Acronis Cyber Protect Home Office Sensitive information leak through log files. | 5.5 |
2022-11-07 | CVE-2022-44746 | Acronis | Incorrect Permission Assignment for Critical Resource vulnerability in Acronis Cyber Protect Home Office Sensitive information disclosure due to insecure folder permissions. | 5.5 |
2022-11-07 | CVE-2022-2188 | Mcafee | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Data Exchange Layer Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. | 5.5 |
2022-11-12 | CVE-2022-3963 | SIR | Cross-site Scripting vulnerability in SIR Gnuboard A vulnerability was found in gnuboard5. | 5.4 |
2022-11-11 | CVE-2022-36776 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. | 5.4 |
2022-11-11 | CVE-2022-40750 | IBM | Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. | 5.4 |
2022-11-11 | CVE-2022-3943 | Foru CMS Project | Cross-site Scripting vulnerability in Foru CMS Project Foru CMS A vulnerability was found in ForU CMS. | 5.4 |
2022-11-11 | CVE-2022-41873 | Contiki NG | Out-of-bounds Read vulnerability in Contiki-Ng Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. | 5.4 |
2022-11-10 | CVE-2022-42460 | Sedlex | Unspecified vulnerability in Sedlex Traffic Manager 1.4.5 Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. | 5.4 |
2022-11-10 | CVE-2022-26088 | BMC | Cross-site Scripting vulnerability in BMC Remedy IT Service Management Suite 20.02 An issue was discovered in BMC Remedy before 22.1. | 5.4 |
2022-11-10 | CVE-2022-43754 | Uyuni Project Suse | Cross-site Scripting vulnerability in multiple products An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. | 5.4 |
2022-11-10 | CVE-2022-42786 | WUT | Cross-site Scripting vulnerability in WUT products Multiple W&T Products of the ComServer Series are prone to an XSS attack. | 5.4 |
2022-11-09 | CVE-2022-3265 | Gitlab | Cross-site Scripting vulnerability in Gitlab A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. | 5.4 |
2022-11-09 | CVE-2022-3483 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. | 5.4 |
2022-11-09 | CVE-2022-41049 | Microsoft | Unspecified vulnerability in Microsoft products Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
2022-11-09 | CVE-2022-41091 | Microsoft | Unspecified vulnerability in Microsoft products Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
2022-11-09 | CVE-2022-44590 | Simple Video Embedder Project | Cross-site Scripting vulnerability in Simple Video Embedder Project Simple Video Embedder 2.2 Auth. | 5.4 |
2022-11-08 | CVE-2022-43144 | Canteen Management System Project | Cross-site Scripting vulnerability in Canteen Management System Project Canteen Management System 1.0 A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
2022-11-08 | CVE-2022-41208 | SAP | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010 Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. | 5.4 |
2022-11-08 | CVE-2022-40632 | Gvectors | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo Forum Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. | 5.4 |
2022-11-08 | CVE-2021-40303 | Perfexcrm | Cross-site Scripting vulnerability in Perfexcrm Perfex CRM 1.10 perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. | 5.4 |
2022-11-12 | CVE-2022-45195 | Simplex | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Simplex Chat and Simplexmq SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. | 5.3 |
2022-11-11 | CVE-2022-3959 | Drogon | Use of Insufficiently Random Values vulnerability in Drogon A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. | 5.3 |
2022-11-11 | CVE-2022-3945 | Kavitareader | Improper Restriction of Excessive Authentication Attempts vulnerability in Kavitareader Kavita Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. | 5.3 |
2022-11-11 | CVE-2022-3941 | Activity LOG Project | Improper Encoding or Escaping of Output vulnerability in Activity LOG Project Activity LOG A vulnerability has been found in Activity Log Plugin and classified as critical. | 5.3 |
2022-11-10 | CVE-2022-41876 | Ibexa | Insecure Storage of Sensitive Information vulnerability in Ibexa Ezplatform-Graphql 2.0.0 ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. | 5.3 |
2022-11-10 | CVE-2022-43679 | Owncloud | Unspecified vulnerability in Owncloud The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. | 5.3 |
2022-11-10 | CVE-2022-36022 | Eclipse | Use of Insufficiently Random Values vulnerability in Eclipse Deeplearning4J Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. | 5.3 |
2022-11-10 | CVE-2022-3793 | Gitlab | Unspecified vulnerability in Gitlab An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to. | 5.3 |
2022-11-10 | CVE-2022-3818 | Gitlab | Resource Exhaustion vulnerability in Gitlab An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. | 5.3 |
2022-11-09 | CVE-2022-2761 | Gitlab | Unspecified vulnerability in Gitlab An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to. | 5.3 |
2022-11-09 | CVE-2022-39307 | Grafana | Information Exposure Through an Error Message vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 5.3 |
2022-11-09 | CVE-2022-44553 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. | 5.3 |
2022-11-09 | CVE-2022-44560 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The launcher module has an Intent redirection vulnerability. | 5.3 |
2022-11-08 | CVE-2022-30515 | Zkteco | Missing Authentication for Critical Function vulnerability in Zkteco Biotime 8.5.4/8.5.5 ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. | 5.3 |
2022-11-08 | CVE-2022-39069 | ZTE | SQL Injection vulnerability in ZTE Zaip-Aie There is a SQL injection vulnerability in ZTE ZAIP-AIE. | 5.3 |
2022-11-07 | CVE-2022-3489 | Weberge | Missing Authorization vulnerability in Weberge WP Hide 0.0.2 The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request | 5.3 |
2022-11-08 | CVE-2022-41212 | SAP | Path Traversal vulnerability in SAP Netweaver Application Server Abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. | 4.9 |
2022-11-08 | CVE-2022-30545 | 5 Anker | Cross-site Scripting vulnerability in 5-Anker 5 Anker Connect Auth. | 4.8 |
2022-11-08 | CVE-2022-32776 | Wpadvancedads | Cross-site Scripting vulnerability in Wpadvancedads Advanced ADS - AD Manager & Adsense Auth. | 4.8 |
2022-11-08 | CVE-2022-41980 | Webartesanal | Cross-site Scripting vulnerability in Webartesanal Mantenimiento web Auth. | 4.8 |
2022-11-08 | CVE-2022-41432 | Eyesofnetwork | Cross-site Scripting vulnerability in Eyesofnetwork web Interface 5.3 EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. | 4.8 |
2022-11-08 | CVE-2022-41433 | Eyesofnetwork | Cross-site Scripting vulnerability in Eyesofnetwork web Interface 5.3 EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. | 4.8 |
2022-11-07 | CVE-2022-43046 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Food Ordering Management System 1.0 Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. | 4.8 |
2022-11-07 | CVE-2022-3462 | Highlight Focus Project | Cross-site Scripting vulnerability in Highlight Focus Project Highlight Focus 1.1 The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2022-11-12 | CVE-2022-45194 | Bruhn Newtech | XXE vulnerability in Bruhn-Newtech Cbrn-Analysis CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. | 4.7 |
2022-11-10 | CVE-2022-41874 | Tauri | Use of Incorrectly-Resolved Name or Reference vulnerability in Tauri Tauri is a framework for building binaries for all major desktop platforms. | 4.7 |
2022-11-08 | CVE-2022-41215 | SAP | Open Redirect vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. | 4.7 |
2022-11-07 | CVE-2021-42205 | Lenovo | Unspecified vulnerability in Lenovo Elan Miniport Touchpad Driver ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice. | 4.7 |
2022-11-09 | CVE-2022-41099 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows 11 BitLocker Security Feature Bypass Vulnerability | 4.6 |
2022-11-08 | CVE-2022-20465 | Unspecified vulnerability in Google Android In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. | 4.6 | |
2022-11-11 | CVE-2022-25917 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel products Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access. | 4.4 |
2022-11-11 | CVE-2022-27499 | Intel | Operation on a Resource after Expiration or Release vulnerability in Intel SGX SDK Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2022-11-11 | CVE-2022-36367 | Intel | Incorrect Default Permissions vulnerability in Intel Support 21.7.40 Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2022-11-09 | CVE-2022-41066 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Business Central and Dynamics NAV Microsoft Business Central Information Disclosure Vulnerability | 4.4 |
2022-11-13 | CVE-2022-3978 | Nodebb | Cross-Site Request Forgery (CSRF) vulnerability in Nodebb A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. | 4.3 |
2022-11-10 | CVE-2022-31255 | Uyuni Project Suse | Path Traversal vulnerability in multiple products An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. | 4.3 |
2022-11-10 | CVE-2022-43753 | Uyuni Project Suse | Path Traversal vulnerability in multiple products A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. | 4.3 |
2022-11-10 | CVE-2022-3866 | Hashicorp | Exposure of Resource to Wrong Sphere vulnerability in Hashicorp Nomad 1.4.0/1.4.1 HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. | 4.3 |
2022-11-10 | CVE-2022-3867 | Hashicorp | Insufficient Session Expiration vulnerability in Hashicorp Nomad 1.4.0/1.4.1 HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. | 4.3 |
2022-11-10 | CVE-2022-3413 | Gitlab | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. | 4.3 |
2022-11-10 | CVE-2022-3706 | Gitlab | Unspecified vulnerability in Gitlab Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project. | 4.3 |
2022-11-10 | CVE-2022-3819 | Gitlab | Incorrect Authorization vulnerability in Gitlab An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to. | 4.3 |
2022-11-09 | CVE-2022-29836 | Westerndigital | Path Traversal vulnerability in Westerndigital products Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. | 4.3 |
2022-11-09 | CVE-2022-44548 | Huawei | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos There is a vulnerability in permission verification during the Bluetooth pairing process. | 4.3 |
2022-11-09 | CVE-2022-3447 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 | |
2022-11-09 | CVE-2022-43488 | Algolplus | Cross-Site Request Forgery (CSRF) vulnerability in Algolplus Advanced Dynamic Pricing for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration. | 4.3 |
2022-11-08 | CVE-2022-27855 | Fatcatapps | Cross-Site Request Forgery (CSRF) vulnerability in Fatcatapps Analytics CAT Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. | 4.3 |
2022-11-08 | CVE-2022-32587 | Codeandmore | Cross-Site Request Forgery (CSRF) vulnerability in Codeandmore WP Page Widget Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change. | 4.3 |
2022-11-08 | CVE-2022-40205 | Gvectors | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. | 4.3 |
2022-11-08 | CVE-2022-40206 | Gvectors | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. | 4.3 |
2022-11-08 | CVE-2022-40223 | Searchwp | Missing Authorization vulnerability in Searchwp Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. | 4.3 |
2022-11-08 | CVE-2022-43481 | Rymera | Cross-Site Request Forgery (CSRF) vulnerability in Rymera Advanced Coupons Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. | 4.3 |
2022-11-08 | CVE-2022-43491 | Algolplus | Cross-Site Request Forgery (CSRF) vulnerability in Algolplus Advanced Dynamic Pricing for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. | 4.3 |
2022-11-08 | CVE-2020-35473 | Bluetooth | Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. | 4.3 |
2022-11-07 | CVE-2022-2387 | Sandhillsdev | Cross-Site Request Forgery (CSRF) vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. | 4.3 |
2022-11-07 | CVE-2022-3451 | Addify | Missing Authorization vulnerability in Addify Product Stock Manager The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. | 4.3 |
12 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-11-10 | CVE-2022-39388 | Istio | Incorrect Authorization vulnerability in Istio 1.15.0/1.15.1/1.15.2 Istio is an open platform to connect, manage, and secure microservices. | 3.5 |
2022-11-08 | CVE-2022-30694 | Siemens | Cross-Site Request Forgery (CSRF) vulnerability in Siemens products A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. | 3.5 |
2022-11-07 | CVE-2022-38163 | F Secure | Unspecified vulnerability in F-Secure Safe A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. | 3.5 |
2022-11-11 | CVE-2022-33973 | Intel | Unspecified vulnerability in Intel Wlan Authentication and Privacy Infrastructure Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. | 3.3 |
2022-11-09 | CVE-2022-39879 | Unspecified vulnerability in Google Android 11.0/12.0 Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. | 3.3 | |
2022-11-09 | CVE-2022-39884 | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. | 3.3 | |
2022-11-09 | CVE-2022-39885 | Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. | 3.3 | |
2022-11-09 | CVE-2022-39886 | Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | 3.3 | |
2022-11-09 | CVE-2022-39887 | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. | 3.3 | |
2022-11-09 | CVE-2022-39889 | Samsung | Unspecified vulnerability in Samsung Galaxywatch4Plugin 2.2.11.22102751 Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. | 3.3 |
2022-11-09 | CVE-2022-39893 | Samsung | Information Exposure Through Log Files vulnerability in Samsung Galaxy Buds PRO Manage Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. | 3.3 |
2022-11-08 | CVE-2022-20446 | Missing Authorization vulnerability in Google Android 10.0/11.0 In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. | 3.3 |