Skip to main content
CVE-2022-37970 HIGH PATCH This Week

Windows DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2019 +1
NVD
CVSS 3.1
7.8
EPSS
9.7%
CVE-2022-33635 HIGH PATCH This Week

Windows GDI+ Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-41851 HIGH PATCH This Week

A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Information Disclosure Jt Open Toolkit Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-38465 HIGH This Week

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Et 200 Sp Open Controller Cpu 1515Sp Pc2 Firmware Simatic Et 200 Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Drive Controller Cpu 1504D Tf Firmware Simatic Drive Controller Cpu 1507D Tf Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37864 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Solid Edge
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37998 HIGH PATCH This Week

Windows Local Session Manager (LSM) Denial of Service Vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows Server 2022
NVD
CVSS 3.1
7.7
EPSS
2.8%
CVE-2022-37973 HIGH PATCH This Week

Windows Local Session Manager (LSM) Denial of Service Vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows Server 2022
NVD
CVSS 3.1
7.7
EPSS
2.8%
CVE-2022-39013 HIGH This Week

Under certain conditions an authenticated attacker can get access to OS credentials. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2022-40227 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Hmi Comfort Panels Firmware Simatic Hmi Ktp400 Basic Firmware Simatic Hmi Ktp700 Basic Firmware Simatic Hmi Ktp900 Basic Firmware +6
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-39802 HIGH This Week

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal SAP Manufacturing Execution
NVD
CVSS 3.1
7.5
EPSS
6.4%
CVE-2022-38138 HIGH This Week

The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Java Iec 60870 6 Software Library Iec 61850 Software Library
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-20418 HIGH PATCH This Week

In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20410 HIGH PATCH This Week

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-38046 HIGH PATCH This Week

Web Account Manager Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows 11 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-38041 HIGH PATCH This Week

Windows Secure Channel Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-38036 HIGH PATCH This Week

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 11 Windows Server 2022
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-37978 HIGH PATCH This Week

Windows Active Directory Certificate Services Security Feature Bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-37599 HIGH PATCH This Week

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Loader Utils
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-34689 HIGH PATCH This Week

Windows CryptoAPI Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.5
EPSS
37.9%
CVE-2022-33645 HIGH PATCH This Week

Windows TCP/IP Driver Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-39296 HIGH PATCH This Week

MelisAssetManager provides deliveries of Melis Platform's assets located in every module's public folder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Melis Asset Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-34430 HIGH PATCH This Week

Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Dell Path Traversal Hybrid Client
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-39271 HIGH PATCH This Week

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Traefik
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36362 HIGH PATCH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Logo 8 Bm Firmware Logo 8 Bm Fs 05 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36360 HIGH PATCH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Logo 8 Bm Firmware Logo 8 Bm Fs 05 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-41042 HIGH PATCH This Week

Visual Studio Code Information Disclosure Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2022-40147 HIGH This Week

A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Industrial Edge Management
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2022-42230 HIGH This Week

Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Simple Cold Storage Managment System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2022-38042 HIGH PATCH This Week

Active Directory Domain Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Information Disclosure Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2022-37971 HIGH PATCH This Week

Microsoft Windows Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Malware Protection Engine
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-20422 HIGH PATCH This Week

In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. Rated high severity (CVSS 7.0).

Google Privilege Escalation Android Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-38029 HIGH PATCH This Week

Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Race Condition Information Disclosure Windows 10 Windows 11 +8
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2022-38027 HIGH PATCH This Week

Windows Storage Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Race Condition Information Disclosure Windows 10 Windows 11 +8
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-38021 HIGH PATCH This Week

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Windows 10 Windows 11 Windows Server 2012 +3
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-38017 MEDIUM PATCH This Month

StorSimple 8000 Series Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Storsimple 8010 Firmware Storsimple 8020 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-20412 MEDIUM PATCH This Month

In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20409 MEDIUM PATCH This Month

In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation Memory Corruption Use After Free +1
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2022-34434 MEDIUM PATCH This Month

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Authentication Bypass Dell PostgreSQL Cloud Mobility For Dell Emc Storage
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-38032 MEDIUM PATCH This Month

Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2022-41550 MEDIUM This Month

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Osip
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39015 MEDIUM This Month

Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-38033 MEDIUM PATCH This Month

Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-38001 MEDIUM PATCH This Month

Microsoft Office Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-37977 MEDIUM PATCH This Month

Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-37974 MEDIUM PATCH This Month

Windows Mixed Reality Developer Tools Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11
NVD
CVSS 3.1
6.5
EPSS
36.3%
CVE-2022-35770 MEDIUM PATCH This Month

Windows NTLM Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-34431 MEDIUM PATCH This Month

Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Hybrid Client
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-33746 MEDIUM PATCH This Month

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3140 MEDIUM This Month

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Libreoffice Debian Linux Fedora
NVD
CVSS 3.1
6.3
EPSS
4.4%
CVE-2022-39800 MEDIUM This Month

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.6%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy