Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35297 | 1 Sap | 1 Enable Now | 2022-10-12 | N/A | 5.4 MEDIUM |
| The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. | |||||
| CVE-2022-38086 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2022-10-12 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. | |||||
| CVE-2022-38033 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 6.5 MEDIUM |
| Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability. | |||||
| CVE-2022-38030 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2022-10-12 | N/A | 4.3 MEDIUM |
| Windows USB Serial Driver Information Disclosure Vulnerability. | |||||
| CVE-2022-38029 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.0 HIGH |
| Windows ALPC Elevation of Privilege Vulnerability. | |||||
| CVE-2022-40178 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2022-10-12 | N/A | 5.4 MEDIUM |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files“ functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code. | |||||
| CVE-2022-38040 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 8.8 HIGH |
| Microsoft ODBC Driver Remote Code Execution Vulnerability. | |||||
| CVE-2022-38036 | 1 Microsoft | 2 Windows 11, Windows Server 2022 | 2022-10-12 | N/A | 7.5 HIGH |
| Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. | |||||
| CVE-2022-40179 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2022-10-12 | N/A | 8.1 HIGH |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in endpoints of the “Operation” web application that interpret and execute Axon language queries, due to the missing validation of anti-CSRF tokens or other origin checks. By convincing a victim to click on a malicious link or visit a specifically crafted webpage while logged-in to the device web application, a remote unauthenticated attacker can execute arbitrary Axon queries against the device. | |||||
| CVE-2019-6755 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7613. | |||||
| CVE-2022-41042 | 1 Microsoft | 1 Visual Studio Code | 2022-10-12 | N/A | 7.4 HIGH |
| Visual Studio Code Information Disclosure Vulnerability. | |||||
| CVE-2022-41083 | 1 Microsoft | 1 Jupyter | 2022-10-12 | N/A | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability. | |||||
| CVE-2022-41081 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047. | |||||
| CVE-2019-6747 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2022-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7636. | |||||
| CVE-2022-38039 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038. | |||||
| CVE-2022-38031 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 8.8 HIGH |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982. | |||||
| CVE-2022-38028 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. | |||||
| CVE-2022-38017 | 1 Microsoft | 4 Storsimple 8010, Storsimple 8010 Firmware, Storsimple 8020 and 1 more | 2022-10-12 | N/A | 6.8 MEDIUM |
| StorSimple 8000 Series Elevation of Privilege Vulnerability. | |||||
| CVE-2022-38021 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server 2012 and 3 more | 2022-10-12 | N/A | 7.0 HIGH |
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. | |||||
| CVE-2020-29651 | 3 Fedoraproject, Oracle, Pytest | 3 Fedora, Zfs Storage Appliance Kit, Py | 2022-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | |||||