Medium
CVE-2021-0060
Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.30…
Read moreUncategorized 2022
Page 23/27.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
CVSS ≥ 0.0
2022-02-09
Medium
CVE-2022-23280
Microsoft Outlook for Mac Security Feature Bypass Vulnerability
Read moreHigh
CVE-2022-23276
SQL Server for Linux Containers Elevation of Privilege Vulnerability
Read moreHigh
CVE-2022-23274
Microsoft Dynamics GP Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-23273
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
Read moreHigh
CVE-2022-23272
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
Read moreMedium
CVE-2022-23271
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
Read moreMedium
CVE-2022-23269
Microsoft Dynamics GP Spoofing Vulnerability
Read moreHigh
CVE-2022-23256
Azure Data Explorer Spoofing Vulnerability
Read moreMedium
CVE-2022-23255
Microsoft OneDrive for Android Security Feature Bypass Vulnerability
Read moreMedium
CVE-2022-23254
Microsoft Power BI Information Disclosure Vulnerability
Read moreMedium
CVE-2022-23252
Microsoft Office Information Disclosure Vulnerability
Read moreHigh
CVE-2022-22718
Windows Print Spooler Elevation of Privilege Vulnerability
Read moreHigh
CVE-2022-22717
Windows Print Spooler Elevation of Privilege Vulnerability
Read moreMedium
CVE-2022-22712
Windows Hyper-V Denial of Service Vulnerability
Read moreMedium
CVE-2022-22710
Windows Common Log File System Driver Denial of Service Vulnerability
Read moreHigh
CVE-2022-22709
VP9 Video Extensions Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-22004
Microsoft Office ClickToRun Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-22003
Microsoft Office Graphics Remote Code Execution Vulnerability
Read moreMedium
CVE-2022-22002
Windows User Account Profile Picture Denial of Service Vulnerability
Read moreHigh
CVE-2022-22001
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Read moreHigh
CVE-2022-22000
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Read moreMedium
CVE-2022-21998
Windows Common Log File System Driver Information Disclosure Vulnerability
Read moreHigh
CVE-2022-21996
Win32k Elevation of Privilege Vulnerability
Read moreHigh
CVE-2022-21995
Windows Hyper-V Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-21994
Windows DWM Core Library Elevation of Privilege Vulnerability
Read moreHigh
CVE-2022-21993
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
Read moreHigh
CVE-2022-21992
Windows Mobile Device Management Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-21991
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-21989
Windows Kernel Elevation of Privilege Vulnerability
Read moreHigh
CVE-2022-21988
Microsoft Office Visio Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-21987
Microsoft SharePoint Server Spoofing Vulnerability
Read moreHigh
CVE-2022-21986
.NET Denial of Service Vulnerability
Read moreMedium
CVE-2022-21985
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Read moreHigh
CVE-2022-21984
Windows DNS Server Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-21981
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Read moreHigh
CVE-2022-21974
Roaming Security Rights Management Services Remote Code Execution Vulnerability
Read moreMedium
CVE-2022-21968
Microsoft SharePoint Server Security Feature Bypass Vulnerability
Read moreHigh
CVE-2022-21965
Microsoft Teams Denial of Service Vulnerability
Read moreHigh
CVE-2022-21957
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-21927
HEVC Video Extensions Remote Code Execution Vulnerability
Read moreHigh
CVE-2022-21844
HEVC Video Extensions Remote Code Execution Vulnerability
Read moreMedium
CVE-2021-40837
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be…
Read moreCritical
CVE-2022-24677
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php.
Read more2022-02-08
High
CVE-2022-0524
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
Read moreCritical
CVE-2022-23340
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.
Read moreHigh
CVE-2022-23331
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.
Read moreHigh
CVE-2022-21173
Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware…
Read more2022-02-07
High
CVE-2022-23263
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Read moreMedium
CVE-2022-23262
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Read moreMedium
CVE-2022-23261
Microsoft Edge (Chromium-based) Tampering Vulnerability
Read moreHigh
CVE-2021-46359
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks.
Read more2022-02-06
High
CVE-2022-22833
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
Read moreHigh
CVE-2021-39280
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.…
Read more2022-02-04
Medium
CVE-2021-38130
A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an informat…
Read moreCritical
CVE-2021-36152
Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.
Read moreHigh
CVE-2022-23330
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.
Read moreMedium
CVE-2021-44886
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notif…
Read moreHigh
CVE-2021-43145
With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.
Read moreHigh
CVE-2021-44903
Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.…
Read moreHigh
CVE-2021-44901
Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_…
Read moreHigh
CVE-2021-44900
Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All…
Read moreHigh
CVE-2021-44899
Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.…
Read moreHigh
CVE-2021-45741
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4…
Read moreCritical
CVE-2021-45740
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin pa…
Read moreHigh
CVE-2021-45739
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parame…
Read moreHigh
CVE-2021-45737
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parame…
Read moreHigh
CVE-2021-45736
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip,…
Read moreHigh
CVE-2021-45734
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url…
Read moreHigh
CVE-2021-44246
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerabil…
Read more2022-02-03
High
CVE-2021-43323
An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45.…
Read moreHigh
CVE-2021-42113
An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allo…
Read moreHigh
CVE-2021-42060
An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulner…
Read moreHigh
CVE-2020-5953
A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariab…
Read moreHigh
CVE-2022-24069
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29.…
Read more2022-02-02
Critical
CVE-2022-21817
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire acce…
Read moreCritical
CVE-2021-39070
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-For…
Read moreMedium
CVE-2021-36177
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make…
Read moreCritical
CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Read more2022-02-01
Critical
CVE-2022-24218
An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.
Read moreMedium
CVE-2021-44746
UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prio…
Read moreMedium
CVE-2022-23774
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
Read moreMedium
CVE-2021-46665
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
Read moreMedium
CVE-2021-46663
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
Read moreMedium
CVE-2021-46662
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
Read moreMedium
CVE-2021-46661
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
Read more2022-01-31
Medium
CVE-2021-40033
There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause…
Read moreHigh
CVE-2021-28962
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
Read moreHigh
CVE-2021-46101
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.
Read moreHigh
CVE-2021-27971
Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.
Read more2022-01-29
Medium
CVE-2021-46659
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
Read moreMedium
CVE-2021-46658
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
Read moreMedium
CVE-2021-46657
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
Read more2022-01-28
Medium
CVE-2022-21721
Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionali…
Read moreMedium
CVE-2021-4160
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because…
Read moreHigh
CVE-2022-23727
There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation ma…
Read moreMedium
CVE-2022-23456
Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.
Read moreMedium
CVE-2022-22938
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueTy…
Read moreLow
CVE-2021-40339
Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. Thi…
Read moreCritical
CVE-2021-45898
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.
Read moreHigh
CVE-2021-45897
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.
Read moreMedium
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
Read more2022-01-27
Medium
CVE-2021-46556
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46554
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46553
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46550
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46549
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46548
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46547
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46546
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_next at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46545
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x4b44b. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46544
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46543
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e810. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46542
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_print at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46541
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c6ae. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46540
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_get_mjs at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46539
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x45a1f. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46538
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_compact_strings at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46537
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x9a30e. This vulnerability can lead to a Denial of Service (DoS).
Read moreMedium
CVE-2021-46535
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service (DoS).
Read more