Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38984 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 7.5 HIGH |
| The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | |||||
| CVE-2022-26788 | 1 Microsoft | 10 Powershell, Windows 10, Windows 11 and 7 more | 2022-10-18 | 4.6 MEDIUM | 7.8 HIGH |
| PowerShell Elevation of Privilege Vulnerability. | |||||
| CVE-2022-23267 | 2 Fedoraproject, Microsoft | 6 Fedora, .net, .net Core and 3 more | 2022-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. | |||||
| CVE-2021-43896 | 1 Microsoft | 1 Powershell | 2022-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft PowerShell Spoofing Vulnerability | |||||
| CVE-2020-0951 | 1 Microsoft | 4 Powershell, Windows 10, Windows Server 2016 and 1 more | 2022-10-18 | 7.2 HIGH | 6.7 MEDIUM |
| A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | |||||
| CVE-2017-8529 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2022-10-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | |||||
| CVE-2021-3672 | 6 C-ares Project, Fedoraproject, Nodejs and 3 more | 17 C-ares, Fedora, Node.js and 14 more | 2022-10-18 | 6.8 MEDIUM | 5.6 MEDIUM |
| A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. | |||||
| CVE-2021-46839 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 9.1 CRITICAL |
| The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | |||||
| CVE-2022-41580 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 9.8 CRITICAL |
| The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | |||||
| CVE-2022-41578 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 9.8 CRITICAL |
| The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. | |||||
| CVE-2022-39065 | 1 Ikea | 2 Tradfri Gateway E1526, Tradfri Gateway E1526 Firmware | 2022-10-18 | N/A | 6.5 MEDIUM |
| A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |||||
| CVE-2021-27406 | 1 Perfact | 1 Openvpn-client | 2022-10-18 | N/A | 8.8 HIGH |
| An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user. | |||||
| CVE-2022-38983 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 9.8 CRITICAL |
| The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. | |||||
| CVE-2022-38981 | 1 Huawei | 1 Harmonyos | 2022-10-18 | N/A | 7.5 HIGH |
| The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage. | |||||
| CVE-2022-42156 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2022-10-18 | N/A | 8.8 HIGH |
| D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. | |||||
| CVE-2022-42159 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2022-10-18 | N/A | 4.3 MEDIUM |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. | |||||
| CVE-2022-42160 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2022-10-18 | N/A | 8.8 HIGH |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | |||||
| CVE-2022-32174 | 1 Gogs | 1 Gogs | 2022-10-18 | N/A | 9.0 CRITICAL |
| In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | |||||
| CVE-2022-42161 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2022-10-18 | N/A | 8.8 HIGH |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | |||||
| CVE-2022-1462 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-10-17 | 3.3 LOW | 6.3 MEDIUM |
| An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. | |||||