Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-37190 | Cuppacms | Cuppacms | 2022-09-16 | N/A | 8.8 HIGH | CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php".
CVE-2022-38308 | Totolink | A7000ru, A7000ru Firmware | 2022-09-16 | N/A | 9.8 CRITICAL | TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.
CVE-2022-38633 | Genymobile | Genymotion Desktop | 2022-09-16 | N/A | 7.8 HIGH | Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary.
CVE-2022-40734 | Unisharp | Laravel Filemanager | 2022-09-16 | N/A | 6.5 MEDIUM | UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022.
CVE-2022-0029 | Microsoft, Paloaltonetworks | Windows, Cortex Xdr Agent | 2022-09-16 | N/A | 5.5 MEDIUM | An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
CVE-2022-31861 | Thingsboard | Thingsboard | 2022-09-16 | N/A | 5.4 MEDIUM | Cross-site scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs.
CVE-2020-19586 | Yellowfinbi | Business Intelligence | 2022-09-16 | N/A | 9.0 CRITICAL | Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via the MIAdminStyles.i4 Admin UI.
CVE-2022-34718 | Microsoft | Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 9.8 CRITICAL | Windows TCP/IP Remote Code Execution Vulnerability.
CVE-2022-31322 | Pentasecurity | Wapples | 2022-09-16 | N/A | 7.8 HIGH | Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID-flagged executables.
CVE-2022-38329 | Shopxian | Shopxian Cms | 2022-09-16 | N/A | 4.3 MEDIUM | An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnerability that can delete the specified column via index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17.
CVE-2022-32555 | Unisys | Data Exchange Management Studio | 2022-09-16 | N/A | 8.8 HIGH | Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur.
CVE-2022-35836 | Microsoft | Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 8.8 HIGH | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35840.
CVE-2022-37954 | Microsoft | Windows 10, Windows 11, Windows Server 2019 and 1 more | 2022-09-16 | N/A | 7.8 HIGH | DirectX Graphics Kernel Elevation of Privilege Vulnerability.
CVE-2022-20399 | Google | Android | 2022-09-16 | N/A | 5.5 MEDIUM | In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-219808546. References: Upstream kernel.
CVE-2022-20396 | Google | Android | 2022-09-16 | N/A | 5.5 MEDIUM | In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L, Android-13. Android ID: A-234440688.
CVE-2022-20395 | Google | Android | 2022-09-16 | N/A | 7.8 HIGH | In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-221855295.
CVE-2022-20393 | Google | Android | 2022-09-16 | N/A | 5.5 MEDIUM | In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out-of-bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L. Android ID: A-233735886.
CVE-2022-20392 | Google | Android | 2022-09-16 | N/A | 7.8 HIGH | In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-213323615.
CVE-2021-33026 | Flask-caching Project | Flask-caching | 2022-09-16 | 7.5 HIGH | 9.8 CRITICAL | ** DISPUTED ** The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code. NOTE: a third party indicates that exploitation is extremely unlikely unless the machine is already compromised; in other cases, the attacker would be unable to write their payload to the cache and generate the required collision.
CVE-2017-20050 | | | 2022-09-16 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected due to lack of sufficient information on how to reproduce the vulnerability. Notes: none.