Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-40483 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-09-27 | N/A | 9.8 CRITICAL | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php.
CVE-2022-32796 | 1 Apple | 1 Macos | 2022-09-27 | N/A | 7.8 HIGH | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-23461 | 1 Xdsoft | 1 Jodit Editor | 2022-09-27 | N/A | 6.1 MEDIUM | Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.
CVE-2022-3263 | 1 Measuresoft | 1 Scadapro Server | 2022-09-27 | N/A | 7.8 HIGH | The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.
CVE-2022-32852 | 1 Apple | 1 Macos | 2022-09-27 | N/A | 7.1 HIGH | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
CVE-2022-32848 | 1 Apple | 1 Macos | 2022-09-27 | N/A | 5.5 MEDIUM | A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to capture a user's screen.
CVE-2022-32801 | 1 Apple | 1 Macos | 2022-09-27 | N/A | 7.8 HIGH | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges.
CVE-2022-40928 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-09-27 | N/A | 7.2 HIGH | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application.
CVE-2022-40927 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-09-27 | N/A | 7.2 HIGH | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation.
CVE-2022-40926 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-09-27 | N/A | 7.2 HIGH | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type.
CVE-2022-32818 | 1 Apple | 1 Macos | 2022-09-27 | N/A | 5.5 MEDIUM | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state.
CVE-2022-38752 | 1 Snakeyaml Project | 1 Snakeyaml | 2022-09-27 | N/A | 6.5 MEDIUM | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
CVE-2017-8114 | 1 Roundcube | 1 Webmail | 2022-09-27 | 6.5 MEDIUM | 8.8 HIGH | Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
CVE-2022-31181 | 1 Prestashop | 1 Prestashop | 2022-09-27 | N/A | 9.8 CRITICAL | PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.
CVE-2009-3352 | 1 Drupal | 1 Drupal | 2022-09-27 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.
CVE-2020-10919 | 1 Automationdirect | 13 C-more Hmi Ea9 Firmware, Ea9-pgmsw, Ea9-rhmi and 10 more | 2022-09-27 | 4.3 MEDIUM | 5.9 MEDIUM | This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.
CVE-2021-27271 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-09-27 | 6.8 MEDIUM | 7.8 HIGH | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in an out-of-bounds read condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438.
CVE-2021-27242 | 1 Parallels | 1 Parallels Desktop | 2022-09-27 | 4.6 MEDIUM | 8.8 HIGH | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926.
CVE-2022-33642 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2022-09-27 | 4.0 MEDIUM | 4.9 MEDIUM | Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.
CVE-2022-22711 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server 2012 and 3 more | 2022-09-27 | 3.3 LOW | 5.7 MEDIUM | Windows BitLocker Information Disclosure Vulnerability.