Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6741 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2022-10-12 | 5.8 MEDIUM | 9.3 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476. | |||||
| CVE-2022-37968 | 1 Microsoft | 2 Azure Arc-enabled Kubernetes, Azure Stack Edge | 2022-10-12 | N/A | 10.0 CRITICAL |
| Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability. | |||||
| CVE-2022-37965 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-10-12 | N/A | 5.9 MEDIUM |
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. | |||||
| CVE-2022-37987 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37989. | |||||
| CVE-2022-37993 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37994, CVE-2022-37999. | |||||
| CVE-2022-35770 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 6.5 MEDIUM |
| Windows NTLM Spoofing Vulnerability. | |||||
| CVE-2022-34689 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.5 HIGH |
| Windows CryptoAPI Spoofing Vulnerability. | |||||
| CVE-2022-33645 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.5 HIGH |
| Windows TCP/IP Driver Denial of Service Vulnerability. | |||||
| CVE-2022-33635 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows GDI+ Remote Code Execution Vulnerability. | |||||
| CVE-2022-41851 | 1 Siemens | 2 Jt Open Toolkit, Simcenter Femap | 2022-10-12 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973) | |||||
| CVE-2020-28935 | 2 Debian, Nlnetlabs | 3 Debian Linux, Name Server Daemon, Unbound | 2022-10-12 | 2.1 LOW | 5.5 MEDIUM |
| NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker to have access to the limited-permission user Unbound/NSD runs as and to point the symlink at a critical file on the system. | |||||
| CVE-2022-37990 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | |||||
| CVE-2020-25692 | 3 Netapp, Openldap, Redhat | 5 Cloud Backup, Solidfire Baseboard Management Controller, Solidfire Baseboard Management Controller Firmware and 2 more | 2022-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference during a request for renaming RDNs was found in the OpenLDAP server and was fixed in openldap 2.4.55. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. | |||||
| CVE-2022-40226 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2022-10-12 | N/A | 8.1 HIGH |
| A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login. | |||||
| CVE-2019-6737 | 1 Bitdefender | 1 Safepay | 2022-10-12 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7247. | |||||
| CVE-2022-37996 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-10-12 | N/A | 5.5 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability. | |||||
| CVE-2022-40147 | 1 Siemens | 1 Industrial Edge Management | 2022-10-12 | N/A | 7.4 HIGH |
| A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. | |||||
| CVE-2019-7061 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2022-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2017.011.30127 and earlier, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2022-37995 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038, CVE-2022-38039. | |||||
| CVE-2022-37994 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37993, CVE-2022-37999. | |||||
