Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3207 | 1 Simplefilelist | 1 Simple-file-list | 2022-10-12 | N/A | 4.8 MEDIUM |
| The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2019-6762 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7844. | |||||
| CVE-2022-37986 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability. | |||||
| CVE-2019-6761 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7777. | |||||
| CVE-2019-6760 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7694. | |||||
| CVE-2022-37985 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 5.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability. | |||||
| CVE-2019-6759 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7614. | |||||
| CVE-2022-37984 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows WLAN Service Elevation of Privilege Vulnerability. | |||||
| CVE-2022-20351 | 1 Google | 1 Android | 2022-10-12 | N/A | 5.5 MEDIUM |
| In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224771921 | |||||
| CVE-2019-6746 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2022-10-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7634. | |||||
| CVE-2022-37983 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2022-10-12 | N/A | 7.8 HIGH |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability. | |||||
| CVE-2022-35299 | 1 Sap | 2 Sap Iq, Sql Anywhere | 2022-10-12 | N/A | 9.8 CRITICAL |
| SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | |||||
| CVE-2022-38016 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2022-10-12 | N/A | 8.8 HIGH |
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. | |||||
| CVE-2019-6758 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-10-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7701. | |||||
| CVE-2022-35296 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-10-12 | N/A | 4.9 MEDIUM |
| Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. | |||||
| CVE-2022-38003 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Resilient File System Elevation of Privilege. | |||||
| CVE-2022-35226 | 1 Sap | 1 Data Services | 2022-10-12 | N/A | 6.1 MEDIUM |
| SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console. | |||||
| CVE-2022-38001 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2022-10-12 | N/A | 6.5 MEDIUM |
| Microsoft Office Spoofing Vulnerability. | |||||
| CVE-2019-6757 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7696. | |||||
| CVE-2019-6756 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-10-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769. | |||||