Total
22706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28566 | 1 Magento | 1 Magento | 2022-10-18 | 4.0 MEDIUM | 2.7 LOW |
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation. | |||||
CVE-2022-41623 | 1 Villatheme | 1 Dropshipping And Fulfillment For Aliexpress And Woocommerce | 2022-10-18 | N/A | 7.5 HIGH |
Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. | |||||
CVE-2022-41581 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 9.1 CRITICAL |
The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | |||||
CVE-2022-41582 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 7.5 HIGH |
The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | |||||
CVE-2022-41586 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 7.5 HIGH |
The communication framework module has a vulnerability of not truncating data properly. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-41588 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 7.5 HIGH |
The home screen module has a vulnerability in service logic processing. Successful exploitation of this vulnerability may affect data integrity. | |||||
CVE-2022-41589 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 7.5 HIGH |
The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling. Successful exploitation of this vulnerability affects system services and device availability. | |||||
CVE-2022-26788 | 1 Microsoft | 10 Powershell, Windows 10, Windows 11 and 7 more | 2022-10-18 | 4.6 MEDIUM | 7.8 HIGH |
PowerShell Elevation of Privilege Vulnerability. | |||||
CVE-2021-43896 | 1 Microsoft | 1 Powershell | 2022-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
Microsoft PowerShell Spoofing Vulnerability | |||||
CVE-2020-0951 | 1 Microsoft | 4 Powershell, Windows 10, Windows Server 2016 and 1 more | 2022-10-18 | 7.2 HIGH | 6.7 MEDIUM |
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | |||||
CVE-2020-2729 | 1 Oracle | 1 Identity Manager | 2022-10-17 | 5.5 MEDIUM | 5.4 MEDIUM |
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
CVE-2020-2731 | 1 Oracle | 1 Database Server | 2022-10-17 | 3.3 LOW | 3.9 LOW |
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). | |||||
CVE-2020-2728 | 1 Oracle | 1 Identity Manager | 2022-10-17 | 5.0 MEDIUM | 7.5 HIGH |
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
CVE-2021-43988 | 1 Fanuc | 1 Roboguide | 2022-10-17 | 4.3 MEDIUM | 5.9 MEDIUM |
The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights. | |||||
CVE-2022-28762 | 1 Zoom | 1 Meetings | 2022-10-17 | N/A | 7.8 HIGH |
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. | |||||
CVE-2022-37956 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-10-17 | N/A | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37957, CVE-2022-37964. | |||||
CVE-2022-34326 | 1 Realtek | 2 Rtl8195am, Rtl8195am Firmware | 2022-10-14 | N/A | 7.5 HIGH |
In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode. | |||||
CVE-2022-20464 | 1 Google | 1 Android | 2022-10-14 | N/A | 5.5 MEDIUM |
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-236042696; References: N/A | |||||
CVE-2022-41576 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-14 | N/A | 7.8 HIGH |
The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. | |||||
CVE-2022-28887 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2022-10-14 | N/A | 7.5 HIGH |
Multiple Denial-of-Service (DoS) vulnerabilities were discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. |