Skip to main content
CVE-2022-41100 HIGH This Week

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Race Condition Information Disclosure Microsoft Windows 10 Windows 11 +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-41096 HIGH This Week

Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2019 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41095 HIGH This Week

Windows Digital Media Receiver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41093 HIGH This Week

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Race Condition Information Disclosure Microsoft Windows 10 Windows 11 +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-41092 HIGH This Week

Windows Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2022
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-41073 HIGH KEV PATCH THREAT This Week

Windows Print Spooler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2022-41057 HIGH This Week

Windows HTTP.sys Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-41054 HIGH This Week

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41052 HIGH This Week

Windows Graphics Component Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-41051 HIGH This Week

Azure RTOS GUIX Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Azure Rtos Guix Studio
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-41050 HIGH This Week

Windows Extensible File Allocation Table Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41045 HIGH This Week

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Race Condition Information Disclosure Microsoft Windows 10 Windows 11 +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-39883 HIGH This Week

Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39882 HIGH This Week

Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39880 HIGH This Week

Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-37992 HIGH This Week

Windows Group Policy Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-43310 HIGH This Week

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Foxit Reader
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-3285 HIGH This Week

Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-41118 HIGH This Week

Windows Scripting Languages Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft Windows 10 Windows 11 +7
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-41085 HIGH This Week

Azure CycleCloud Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Microsoft Azure Cyclecloud
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41058 HIGH This Week

Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-41056 HIGH This Week

Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Windows 10 Windows 11 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-41053 HIGH This Week

Windows Kerberos Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-39891 HIGH This Week

Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Editor Lite
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-39890 HIGH This Week

Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Billing
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44561 HIGH This Week

The preset launcher module has a permission verification vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-44557 HIGH This Week

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44555 HIGH This Week

The DDMP/ODMF module has a service hijacking vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44554 HIGH This Week

The power module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44552 HIGH This Week

The lock screen module has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44550 HIGH This Week

The graphics display module has a UAF vulnerability when traversing graphic layers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44549 HIGH This Week

The LBS module has a vulnerability in geofencing API access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44547 HIGH This Week

The Display Service module has a UAF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44546 HIGH This Week

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-27674 HIGH This Week

Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Microsoft Denial Of Service Amd Uprof
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-27673 HIGH This Week

Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amd Authentication Bypass Google Amd Link
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-23831 HIGH This Week

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Microsoft Denial Of Service Amd Uprof
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45060 HIGH This Week

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Varnish Cache Varnish Cache Plus Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45059 HIGH This Week

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Varnish Cache Fedora
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-37967 HIGH PATCH This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +6
NVD
CVSS 3.1
7.2
EPSS
4.5%
CVE-2022-41114 HIGH This Week

Windows Bind Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Microsoft Windows 10 Windows 11 +1
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2022-38014 HIGH This Week

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux Microsoft Azure Iot Edge For Linux +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy