Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40933 | 1 Online Pet Shop Web Application Project | 1 Online Pet Shop Web Application | 2022-09-22 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id. | |||||
| CVE-2022-32788 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-09-22 | N/A | 9.8 CRITICAL |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution. | |||||
| CVE-2022-26696 | 1 Apple | 1 Macos | 2022-09-22 | N/A | 8.8 HIGH |
| This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2022-3268 | 1 Ikus-soft | 1 Minarca | 2022-09-22 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | |||||
| CVE-2022-3267 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-22 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. | |||||
| CVE-2022-2266 | 1 Yordam | 1 Library Automation System | 2022-09-22 | N/A | 6.1 MEDIUM |
| University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2 | |||||
| CVE-2022-39197 | 1 Helpsystems | 1 Cobalt Strike | 2022-09-22 | N/A | 6.1 MEDIUM |
| An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed). | |||||
| CVE-2022-40219 | 1 Sedlex | 1 Favicon-switcher | 2022-09-22 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. | |||||
| CVE-2022-31679 | 1 Vmware | 1 Spring Data Rest | 2022-09-22 | N/A | 3.7 LOW |
| Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes. | |||||
| CVE-2022-30577 | 1 Tibco | 1 Ebx | 2022-09-22 | N/A | 9.0 CRITICAL |
| The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8. | |||||
| CVE-2022-33658 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2022-09-22 | 3.5 LOW | 4.4 MEDIUM |
| Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677. | |||||
| CVE-2022-33652 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2022-09-22 | 3.5 LOW | 4.4 MEDIUM |
| Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677. | |||||
| CVE-2022-30211 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-22 | 6.0 MEDIUM | 7.5 HIGH |
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. | |||||
| CVE-2022-30150 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-09-22 | 6.0 MEDIUM | 7.5 HIGH |
| Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability. | |||||
| CVE-2022-21980 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24477, CVE-2022-24516. | |||||
| CVE-2022-21979 | 1 Microsoft | 1 Exchange Server | 2022-09-22 | N/A | 5.7 MEDIUM |
| Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30134, CVE-2022-34692. | |||||
| CVE-2022-22041 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-09-22 | 8.5 HIGH | 6.8 MEDIUM |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-30206, CVE-2022-30226. | |||||
| CVE-2022-40616 | 1 Ibm | 1 Maximo Asset Management | 2022-09-22 | N/A | 8.1 HIGH |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311. | |||||
| CVE-2021-33081 | 1 Intel | 60 Ssd 600p, Ssd 600p Firmware, Ssd 660p and 57 more | 2022-09-22 | N/A | 4.4 MEDIUM |
| Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-37027 | 1 Ahsay | 1 Cloud Backup Suite | 2022-09-22 | N/A | 7.2 HIGH |
| Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and consequently achieve remote code execution as the system user. | |||||