Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43986 | 1 Fanuc | 1 Roboguide | 2022-10-17 | 4.4 MEDIUM | 7.0 HIGH |
| The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation. | |||||
| CVE-2021-43933 | 1 Fanuc | 1 Roboguide | 2022-10-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources. | |||||
| CVE-2021-38483 | 1 Fanuc | 1 Roboguide | 2022-10-17 | 3.3 LOW | 5.7 MEDIUM |
| The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation. | |||||
| CVE-2022-42070 | 1 Online Birth Certificate Management System Project | 1 Online Birth Certificate Management System | 2022-10-17 | N/A | 8.8 HIGH |
| Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2022-28762 | 1 Zoom | 1 Meetings | 2022-10-17 | N/A | 7.8 HIGH |
| Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. | |||||
| CVE-2022-42232 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-17 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. | |||||
| CVE-2022-22947 | 2 Oracle, Vmware | 10 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 7 more | 2022-10-17 | 6.8 MEDIUM | 10.0 CRITICAL |
| In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | |||||
| CVE-2022-41539 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-10-17 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41538 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-10-17 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-42071 | 1 Online Birth Certificate Management System Project | 1 Online Birth Certificate Management System | 2022-10-17 | N/A | 6.1 MEDIUM |
| Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. | |||||
| CVE-2022-41535 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-17 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. | |||||
| CVE-2022-41536 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-17 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. | |||||
| CVE-2022-39802 | 1 Sap | 1 Manufacturing Execution | 2022-10-17 | N/A | 7.5 HIGH |
| SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. | |||||
| CVE-2022-37956 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-10-17 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37957, CVE-2022-37964. | |||||
| CVE-2022-36803 | 1 Atlassian | 1 Jira Align | 2022-10-17 | N/A | 8.8 HIGH |
| The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. | |||||
| CVE-2022-36802 | 1 Atlassian | 1 Jira Align | 2022-10-17 | N/A | 4.9 MEDIUM |
| The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. | |||||
| CVE-2022-39302 | 1 Ree6 | 1 Ree6 | 2022-10-17 | N/A | 5.4 MEDIUM |
| Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds. | |||||
| CVE-2022-38902 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-10-17 | N/A | 5.4 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic. | |||||
| CVE-2022-34022 | 1 Resiot | 1 Iot Platform And Lorawan Network Server | 2022-10-17 | N/A | 7.2 HIGH |
| SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. | |||||
| CVE-2022-39303 | 1 Ree6 | 1 Ree6 | 2022-10-17 | N/A | 9.8 CRITICAL |
| Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds. | |||||