Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0871 | 1 Google | 1 Android | 2022-09-16 | N/A | 7.8 HIGH |
| In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238921253 | |||||
| CVE-2022-38019 | 1 Microsoft | 1 Av1 Video Extension | 2022-09-16 | N/A | 7.8 HIGH |
| AV1 Video Extension Remote Code Execution Vulnerability. | |||||
| CVE-2021-0697 | 1 Google | 1 Android | 2022-09-16 | N/A | 7.0 HIGH |
| In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238918403 | |||||
| CVE-2022-35841 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-09-16 | N/A | 8.8 HIGH |
| Windows Enterprise App Management Service Remote Code Execution Vulnerability. | |||||
| CVE-2022-38004 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-09-16 | N/A | 7.8 HIGH |
| Windows Fax Service Remote Code Execution Vulnerability. | |||||
| CVE-2022-38005 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-09-16 | N/A | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. | |||||
| CVE-2010-1280 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2022-09-16 | 9.3 HIGH | 8.8 HIGH |
| Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file. | |||||
| CVE-2022-38009 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-09-16 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38008. | |||||
| CVE-2022-38008 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-09-16 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38009. | |||||
| CVE-2022-38006 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-09-16 | N/A | 6.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-35837. | |||||
| CVE-2022-30312 | 1 Honeywell | 10 Trend Iq411, Trend Iq411 Firmware, Trend Iq412 and 7 more | 2022-09-16 | N/A | 6.5 MEDIUM |
| The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol in for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker who obtains Trend IC credentials can carry out sensitive engineering actions such as manipulating controller strategy or configuration settings. If the credentials in question are (re)used for other applications, their compromise could potentially facilitate lateral movement. | |||||
| CVE-2022-38007 | 1 Microsoft | 2 Azure Arc, Azure Guest Configuration | 2022-09-16 | N/A | 7.8 HIGH |
| Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability. | |||||
| CVE-2022-37957 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-09-16 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37964. | |||||
| CVE-2022-37961 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-09-16 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38008, CVE-2022-38009. | |||||
| CVE-2022-39202 | 1 Matrix | 1 Matrix Irc Bridge | 2022-09-16 | N/A | 6.3 MEDIUM |
| matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode commands can only be executed by privileged users, so this can only be abused if an operator is tricked into running the command on behalf of an attacker. The vulnerability has been patched in matrix-appservice-irc 0.35.0. As a workaround users should refrain from entering mode commands suggested by untrusted users. Avoid using multiple modes in a single command. | |||||
| CVE-2022-37959 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2022-09-16 | N/A | 6.5 MEDIUM |
| Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability. | |||||
| CVE-2022-35840 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-09-16 | N/A | 8.8 HIGH |
| Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836. | |||||
| CVE-2022-34719 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 7.8 HIGH |
| Windows Distributed File System (DFS) Elevation of Privilege Vulnerability. | |||||
| CVE-2022-35834 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-09-16 | N/A | 8.8 HIGH |
| Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840. | |||||
| CVE-2022-37963 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2022-09-16 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38010. | |||||