Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2022-09-26 | N/A | 6.5 MEDIUM |
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during backup configuration. This vulnerability could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | |||||
CVE-2022-40861 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-09-26 | N/A | 7.2 HIGH |
Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/ | |||||
CVE-2022-38512 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-09-26 | N/A | 6.5 MEDIUM |
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL. | |||||
CVE-2020-36604 | 1 Hapijs | 1 Hoek | 2022-09-26 | N/A | 8.1 HIGH |
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. | |||||
CVE-2022-35895 | 1 Insyde | 1 Insydeh2o | 2022-09-26 | N/A | 8.2 HIGH |
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution. | |||||
CVE-2022-38470 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2022-09-26 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | |||||
CVE-2022-38134 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2022-09-26 | N/A | 8.8 HIGH |
Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | |||||
CVE-2022-36417 | 1 3d Tag Cloud Project | 1 3d Tag Cloud | 2022-09-26 | N/A | 6.1 MEDIUM |
Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. | |||||
CVE-2022-35894 | 1 Insyde | 1 Insydeh2o | 2022-09-26 | N/A | 6.0 MEDIUM |
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure. | |||||
CVE-2022-40194 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2022-09-26 | N/A | 7.5 HIGH |
Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | |||||
CVE-2022-38704 | 1 Clogica | 1 Seo Redirection | 2022-09-26 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. | |||||
CVE-2022-38454 | 1 Kraken | 1 Kraken.io Image Optimizer | 2022-09-26 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. | |||||
CVE-2022-38079 | 1 Backup Scheduler Project | 1 Backup Scheduler | 2022-09-26 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Backup Scheduler plugin <= 1.5.13 at WordPress. | |||||
CVE-2022-40215 | 1 Tabs Project | 1 Tabs | 2022-09-26 | N/A | 5.4 MEDIUM |
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. | |||||
CVE-2022-40262 | 2 Ami, Intel | 3 Aptio V, Server Board M10jnp2sb, Server Board M10jnp2sb Firmware | 2022-09-26 | N/A | 8.2 HIGH |
A potential attacker can execute arbitrary code during the PEI phase and influence the subsequent boot stages. This can lead to bypassing of mitigations, disclosure of physical memory contents, discovery of any secrets from any Virtual Machines (VMs), and bypassing of memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into SMRAM. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71 | |||||
CVE-2022-30426 | 1 Acer | 68 Altos T110 F3, Altos T110 F3 Firmware, Ap130 F2 and 65 more | 2022-09-26 | N/A | 7.8 HIGH |
There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attacker could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir. | |||||
CVE-2022-40089 | 1 Simple College Website Project | 1 Simple College Website | 2022-09-26 | N/A | 9.8 CRITICAL |
A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On. | |||||
CVE-2022-40261 | 2 Ami, Intel | 5 Aptio V, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 2 more | 2022-09-26 | N/A | 8.2 HIGH |
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2 and execute arbitrary code in System Management Mode (SMM), an environment more privileged than the operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability could potentially be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: OverClockSmiHandler SHA256: a204699576e1a48ce915d9d9423380c8e4c197003baf9d17e6504f0265f3039c Module GUID: 4698C2BD-A903-410E-AD1F-5EEF3A1AE422 | |||||
CVE-2022-40246 | 1 Intel | 4 Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware, Nuc M15 Laptop Kit Lapbc710 and 1 more | 2022-09-26 | N/A | 7.2 HIGH |
A potential attacker can write one byte to an arbitrary address during the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. This can lead to bypassing of mitigations, disclosure of physical memory contents, discovery of any secrets from any Virtual Machines (VMs), and bypassing of memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into SMRAM. This issue affects: Module name: SbPei SHA256: d827182e5f9b7a9ff0b9d3e232f7cfac43b5237e2681e11f005be627a49283a9 Module GUID: c1fbd624-27ea-40d1-aa48-94c3dc5c7e0d | |||||
CVE-2022-40088 | 1 Simple College Website Project | 1 Simple College Website | 2022-09-26 | N/A | 6.1 MEDIUM |
Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. |