Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34723 | 1 Microsoft | 1 Windows 11 | 2022-09-16 | N/A | 5.5 MEDIUM |
| Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability. | |||||
| CVE-2022-37962 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2022-09-16 | N/A | 7.8 HIGH |
| Microsoft PowerPoint Remote Code Execution Vulnerability. | |||||
| CVE-2022-34728 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 5.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-35837, CVE-2022-38006. | |||||
| CVE-2022-35805 | 1 Microsoft | 1 Dynamics 365 | 2022-09-16 | N/A | 8.8 HIGH |
| Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34700. | |||||
| CVE-2022-34729 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 7.8 HIGH |
| Windows GDI Elevation of Privilege Vulnerability. | |||||
| CVE-2022-35838 | 1 Microsoft | 2 Windows 11, Windows Server 2022 | 2022-09-16 | N/A | 7.5 HIGH |
| HTTP V3 Denial of Service Vulnerability. | |||||
| CVE-2022-37964 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2022-09-16 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37957. | |||||
| CVE-2022-37955 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-09-16 | N/A | 7.8 HIGH |
| Windows Group Policy Elevation of Privilege Vulnerability. | |||||
| CVE-2022-34731 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 8.8 HIGH |
| Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840. | |||||
| CVE-2022-34733 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 8.8 HIGH |
| Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840. | |||||
| CVE-2022-26394 | 1 Baxter | 8 Baxter Spectrum Iq 35700bax3, Baxter Spectrum Iq 35700bax3 Firmware, Sigma Spectrum 35700bax and 5 more | 2022-09-16 | N/A | 5.4 MEDIUM |
| The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail. | |||||
| CVE-2022-36088 | 2 Microsoft, Thoughtworks | 2 Windows, Gocd | 2022-09-16 | N/A | 5.5 MEDIUM |
| GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the the permission of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions. | |||||
| CVE-2022-35835 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 8.8 HIGH |
| Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35836, CVE-2022-35840. | |||||
| CVE-2022-1697 | 1 Okta | 1 Active Directory Agent | 2022-09-16 | N/A | 3.9 LOW |
| Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation. | |||||
| CVE-2022-35833 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-09-16 | N/A | 7.5 HIGH |
| Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-30196. | |||||
| CVE-2022-36089 | 1 Kubevela | 1 Kubevela | 2022-09-16 | N/A | 9.8 CRITICAL |
| KubeVela is an application delivery platform Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the `PlatformID` as the signed key to generate the JWT tokens for users. Another API called `getSystemInfo` exposes the platformID. This vulnerability allows users to use the platformID to re-generate the JWT tokens to bypass the authentication. Versions 1.4.11 and 1.5.4 contain a patch for this issue. | |||||
| CVE-2022-35832 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 5.5 MEDIUM |
| Windows Event Tracing Denial of Service Vulnerability. | |||||
| CVE-2022-35831 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-09-16 | N/A | 5.5 MEDIUM |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability. | |||||
| CVE-2022-35830 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2022-09-16 | N/A | 8.1 HIGH |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability. | |||||
| CVE-2022-35828 | 1 Microsoft | 1 Defender For Endpoint | 2022-09-16 | N/A | 7.8 HIGH |
| Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability. | |||||