Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40468 | 1 Tinyproxy Project | 1 Tinyproxy | 2022-10-11 | N/A | 7.5 HIGH |
| Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function. | |||||
| CVE-2021-43997 | 1 Amazon | 1 Freertos | 2022-10-11 | 7.2 HIGH | 7.8 HIGH |
| FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve further privilege escalation by branching directly inside a FreeRTOS MPU API wrapper function with a manually crafted stack frame. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with MPU support enabled (i.e. configENABLE_MPU set to 1). These are fixed in V10.5.0 and in V10.4.3-LTS Patch 3. | |||||
| CVE-2022-39863 | 1 Samsung | 1 Account | 2022-10-11 | N/A | 4.7 MEDIUM |
| Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. | |||||
| CVE-2022-39864 | 1 Samsung | 1 Smartthings | 2022-10-11 | N/A | 7.5 HIGH |
| Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2022-28185 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2022-10-11 | 3.6 LOW | 7.1 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. | |||||
| CVE-2022-28184 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2022-10-11 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering. | |||||
| CVE-2022-42230 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Managment System | 2022-10-11 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-42236 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-10-11 | N/A | 5.4 MEDIUM |
| A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. | |||||
| CVE-2022-42235 | 1 Student Clearance System Project | 1 Student Clearance System | 2022-10-11 | N/A | 5.4 MEDIUM |
| A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. | |||||
| CVE-2022-42238 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-10-11 | N/A | 8.8 HIGH |
| A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | |||||
| CVE-2021-30928 | 1 Apple | 6 Icloud, Ipados, Iphone Os and 3 more | 2022-10-11 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2022-1706 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Ignition and 1 more | 2022-10-11 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config. | |||||
| CVE-2022-22633 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-10-11 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-36899 | 1 Asset Cleanup\ | 1 Page Speed Booster Project | 2022-10-11 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress. | |||||
| CVE-2022-3452 | 1 Book Store Management System Project | 1 Book Store Management System | 2022-10-11 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210436. | |||||
| CVE-2022-3453 | 1 Book Store Management System Project | 1 Book Store Management System | 2022-10-11 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210437 was assigned to this vulnerability. | |||||
| CVE-2022-42229 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-10-11 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. | |||||
| CVE-2022-42034 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-10-11 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | |||||
| CVE-2019-5429 | 3 Debian, Fedoraproject, Filezilla-project | 3 Debian Linux, Fedora, Filezilla Client | 2022-10-11 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. | |||||
| CVE-2022-41744 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-10-11 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||