Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34100 | 1 Crestron | 1 Airmedia | 2022-09-15 | N/A | 8.8 HIGH |
| A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. | |||||
| CVE-2022-33679 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2022-09-15 | N/A | 8.1 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647. | |||||
| CVE-2022-33647 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2022-09-15 | N/A | 8.1 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33679. | |||||
| CVE-2022-38466 | 1 Siemens | 1 Coreshield One-way Gateway | 2022-09-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. | |||||
| CVE-2022-26929 | 1 Microsoft | 11 .net, Windows 10, Windows 11 and 8 more | 2022-09-15 | N/A | 7.8 HIGH |
| .NET Framework Remote Code Execution Vulnerability. | |||||
| CVE-2022-26928 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-09-15 | N/A | 7.0 HIGH |
| Windows Photo Import API Elevation of Privilege Vulnerability. | |||||
| CVE-2022-30170 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-15 | N/A | 7.3 HIGH |
| Windows Credential Roaming Service Elevation of Privilege Vulnerability. | |||||
| CVE-2022-30196 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2022-09-15 | N/A | 8.2 HIGH |
| Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-35833. | |||||
| CVE-2022-37302 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2022-09-15 | N/A | 5.5 MEDIUM |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior). | |||||
| CVE-2022-3174 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-15 | N/A | 7.5 HIGH |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
| CVE-2022-31222 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 4.4 MEDIUM |
| Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash. | |||||
| CVE-2022-31221 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 2.3 LOW |
| Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system. | |||||
| CVE-2022-31220 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 5.1 MEDIUM |
| Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||||
| CVE-2022-3179 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-15 | N/A | 8.8 HIGH |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
| CVE-2022-31224 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 2.4 LOW |
| Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system. | |||||
| CVE-2022-31223 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 2.3 LOW |
| Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system. | |||||
| CVE-2022-2979 | 1 Omron | 1 Cx-programmer | 2022-09-15 | N/A | 7.8 HIGH |
| Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. | |||||
| CVE-2022-31226 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 7.8 HIGH |
| Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system. | |||||
| CVE-2022-31225 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2022-09-15 | N/A | 5.1 MEDIUM |
| Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||||
| CVE-2022-39200 | 1 Matrix | 1 Dendrite | 2022-09-15 | N/A | 5.3 MEDIUM |
| Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the `/get_missing_events` path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through other endpoints (e.g. `/event`, `/state`) as they have been correctly verified. Homeservers that have federation disabled are not vulnerable. The problem has been fixed in Dendrite 0.9.8. Users are advised to upgrade. There are no known workarounds for this issue. | |||||