Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37965 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-10-12 | N/A | 5.9 MEDIUM |
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. | |||||
| CVE-2022-37987 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37989. | |||||
| CVE-2022-37993 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37994, CVE-2022-37999. | |||||
| CVE-2022-33635 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows GDI+ Remote Code Execution Vulnerability. | |||||
| CVE-2022-37990 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | |||||
| CVE-2019-6737 | 1 Bitdefender | 1 Safepay | 2022-10-12 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7247. | |||||
| CVE-2022-37996 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-10-12 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability. | |||||
| CVE-2022-37995 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | |||||
| CVE-2022-37994 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37999. | |||||
| CVE-2022-36362 | 1 Siemens | 4 Logo\!8 Bm, Logo\!8 Bm Fs-05, Logo\!8 Bm Fs-05 Firmware and 1 more | 2022-10-12 | N/A | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device. | |||||
| CVE-2021-43997 | 1 Amazon | 1 Freertos | 2022-10-11 | 7.2 HIGH | 7.8 HIGH |
| FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve further privilege escalation by branching directly inside a FreeRTOS MPU API wrapper function with a manually crafted stack frame. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with MPU support enabled (i.e. configENABLE_MPU set to 1). These are fixed in V10.5.0 and in V10.4.3-LTS Patch 3. | |||||
| CVE-2022-39863 | 1 Samsung | 1 Account | 2022-10-11 | N/A | 4.7 MEDIUM |
| Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. | |||||
| CVE-2022-28184 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2022-10-11 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering. | |||||
| CVE-2021-30833 | 1 Apple | 2 Mac Os X, Macos | 2022-10-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | |||||
| CVE-2022-29586 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2022-10-11 | 6.9 MEDIUM | 7.4 HIGH |
| Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode. | |||||
| CVE-2021-30873 | 1 Apple | 2 Mac Os X, Macos | 2022-10-11 | 6.8 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to elevate privileges. | |||||
| CVE-2021-30913 | 1 Apple | 2 Mac Os X, Macos | 2022-10-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. An unprivileged application may be able to edit NVRAM variables. | |||||
| CVE-2021-30935 | 1 Apple | 2 Mac Os X, Macos | 2022-10-11 | 8.3 HIGH | 8.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-39878 | 1 Samsung | 1 Checkout | 2022-10-11 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. | |||||
| CVE-2022-39875 | 1 Samsung | 1 Account | 2022-10-11 | N/A | 4.4 MEDIUM |
| Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | |||||