Total: 22706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34720 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-15 | N/A | 7.5 HIGH |
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. | |||||
CVE-2022-34721 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-15 | N/A | 9.8 CRITICAL |
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722. | |||||
CVE-2022-34722 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-15 | N/A | 9.8 CRITICAL |
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34721. | |||||
CVE-2022-30200 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-15 | N/A | 7.8 HIGH |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. | |||||
CVE-2022-34100 | 1 Crestron | 1 Airmedia | 2022-09-15 | N/A | 8.8 HIGH |
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. | |||||
CVE-2022-33647 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2022-09-15 | N/A | 8.1 HIGH |
Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33679. | |||||
CVE-2022-33679 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2022-09-15 | N/A | 8.1 HIGH |
Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647. | |||||
CVE-2022-26929 | 1 Microsoft | 11 .net, Windows 10, Windows 11 and 8 more | 2022-09-15 | N/A | 7.8 HIGH |
.NET Framework Remote Code Execution Vulnerability. | |||||
CVE-2022-30170 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-15 | N/A | 7.3 HIGH |
Windows Credential Roaming Service Elevation of Privilege Vulnerability. | |||||
CVE-2022-30196 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2022-09-15 | N/A | 8.2 HIGH |
Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-35833. | |||||
CVE-2022-36385 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2022-09-15 | N/A | 6.8 MEDIUM |
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device. | |||||
CVE-2022-1602 | 1 Hp | 16 Mt21, Mt22, Mt32 and 13 more | 2022-09-15 | N/A | 5.5 MEDIUM |
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8. | |||||
CVE-2022-36782 | 1 Pal-es | 1 Palgate | 2022-09-15 | N/A | 8.6 HIGH |
Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in the PalGate device management Android client app. Gates of buildings and parking lots with a simple button in any smartphone. The API was found after decompiling and static research using Jadx, and dynamic analysis using Frida. The attacker can iterate over all the IoT devices to see every entry and exit, on every gate and device all over the world; he can also scrape the server and create a user's DB with full names and phone numbers of over 2.8 million users, and see all of the users' movement in and out of gates, even in real time. | |||||
CVE-2022-38299 | 1 Appsmith | 1 Appsmith | 2022-09-14 | N/A | 4.3 MEDIUM |
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. | |||||
CVE-2022-34108 | 1 Msi | 1 Micro-star International Feature Navigator | 2022-09-14 | N/A | 7.1 HIGH |
An issue in the Feature Navigator of Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. | |||||
CVE-2022-34109 | 1 Msi | 1 Micro-star International Feature Navigator | 2022-09-14 | N/A | 7.1 HIGH |
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size. | |||||
CVE-2022-34110 | 1 Msi | 1 Micro-star International Feature Navigator | 2022-09-14 | N/A | 5.5 MEDIUM |
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. | |||||
CVE-2022-3027 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2022-09-14 | N/A | 5.7 MEDIUM |
The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters, such that when the device attempts to connect to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information. | |||||
CVE-2022-38067 | 1 Total-soft | 1 Event Calendar | 2022-09-14 | N/A | 5.3 MEDIUM |
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | |||||
CVE-2021-29923 | 3 Fedoraproject, Golang, Oracle | 3 Fedora, Go, Timesten In-memory Database | 2022-09-14 | 5.0 MEDIUM | 7.5 HIGH |
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. |