Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32936 | 1 Apple | 1 Macos | 2022-11-02 | N/A | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to disclose kernel memory. | |||||
| CVE-2022-41627 | 1 Alivecor | 6 Kardiamobile, Kardiamobile 6l, Kardiamobile 6l Firmware and 3 more | 2022-11-02 | N/A | 7.6 HIGH |
| The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves. | |||||
| CVE-2022-3797 | 1 Eolink | 1 Apinto-dashboard | 2022-11-02 | N/A | 6.1 MEDIUM |
| A vulnerability was found in eolinker apinto-dashboard. It has been rated as problematic. This issue affects some unknown processing of the file /login. The manipulation of the argument callback leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212633 was assigned to this vulnerability. | |||||
| CVE-2022-32914 | 1 Apple | 4 Iphone Os, Macos, Tvos and 1 more | 2022-11-02 | N/A | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32903 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2022-11-02 | N/A | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32879 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-11-02 | N/A | 2.4 LOW |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen. | |||||
| CVE-2022-32875 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2022-11-02 | N/A | 5.0 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. An app may be able to read sensitive location information. | |||||
| CVE-2021-40661 | 1 Mt | 2 Ind780, Ind780 Firmware | 2022-11-02 | N/A | 7.5 HIGH |
| A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future. | |||||
| CVE-2022-27583 | 1 Sick | 4 Flx3-cpuc1, Flx3-cpuc1 Firmware, Flx3-cpuc2 and 1 more | 2022-11-02 | N/A | 9.1 CRITICAL |
| A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. | |||||
| CVE-2022-32870 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2022-11-02 | N/A | 2.4 LOW |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information. | |||||
| CVE-2022-32867 | 1 Apple | 2 Iphone Os, Macos | 2022-11-02 | N/A | 2.4 LOW |
| This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs. | |||||
| CVE-2022-32866 | 1 Apple | 3 Macos, Tvos, Watchos | 2022-11-02 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-2475 | 1 Haascnc | 2 Haas Controller, Haas Controller Firmware | 2022-11-02 | N/A | 8.8 HIGH |
| Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. | |||||
| CVE-2022-32865 | 1 Apple | 2 Iphone Os, Macos | 2022-11-02 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-2474 | 1 Haascnc | 2 Haas Controller, Haas Controller Firmware | 2022-11-02 | N/A | 8.0 HIGH |
| Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. | |||||
| CVE-2022-43362 | 1 Slims | 1 Senayan Library Management System | 2022-11-02 | N/A | 7.2 HIGH |
| Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | |||||
| CVE-2022-43085 | 1 Restaurant Pos System Project | 1 Restaurant Pos System | 2022-11-02 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-23738 | 1 Github | 1 Enterprise Server | 2022-11-02 | N/A | 5.7 MEDIUM |
| An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2022-43361 | 1 Slims | 1 Senayan Library Management System | 2022-11-02 | N/A | 4.8 MEDIUM |
| Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | |||||
| CVE-2019-13120 | 1 Amazon | 1 Amazon Web Services Freertos | 2022-11-02 | 4.3 MEDIUM | 7.5 HIGH |
| Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which interacts with an associated vulnerable MQTT message in the application, specific circumstances could trigger this vulnerability. | |||||