Uncategorized CVEs — 2022 (Page 26/27)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2022-01-11

Medium

CVE-2022-21928

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.3CWE: N/A

Medium

CVE-2022-21925

Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability

CVSS: 5.3CWE: N/A

Medium

CVE-2022-21924

Workstation Service Remote Protocol Security Feature Bypass Vulnerability

CVSS: 5.3CWE: N/A

High

CVE-2022-21922

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A

Medium

CVE-2022-21921

Windows Defender Credential Guard Security Feature Bypass Vulnerability

CVSS: 4.4CWE: N/A

High

CVE-2022-21920

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 8.8CWE: N/A

Medium

CVE-2022-21918

DirectX Graphics Kernel File Denial of Service Vulnerability

CVSS: 6.5CWE: N/A

High

CVE-2022-21916

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

Medium

CVE-2022-21915

Windows GDI+ Information Disclosure Vulnerability

CVSS: 6.5CWE: N/A

High

CVE-2022-21914

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

Medium

CVE-2022-21913

Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass

CVSS: 5.3CWE: N/A

High

CVE-2022-21912

DirectX Graphics Kernel Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21911

.NET Framework Denial of Service Vulnerability

CVSS: 7.5CWE: N/A

High

CVE-2022-21910

Microsoft Cluster Port Driver Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21908

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

Critical

CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS: 9.8CWE: N/A

Medium

CVE-2022-21906

Windows Defender Application Control Security Feature Bypass Vulnerability

CVSS: 5.5CWE: N/A

Medium

CVE-2022-21905

Windows Hyper-V Security Feature Bypass Vulnerability

CVSS: 4.6CWE: N/A

High

CVE-2022-21904

Windows GDI Information Disclosure Vulnerability

CVSS: 7.5CWE: N/A

High

CVE-2022-21903

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

Critical

CVE-2022-21901

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 9.0CWE: N/A

Medium

CVE-2022-21900

Windows Hyper-V Security Feature Bypass Vulnerability

CVSS: 4.6CWE: N/A

Medium

CVE-2022-21899

Windows Extensible Firmware Interface Security Feature Bypass Vulnerability

CVSS: 5.5CWE: N/A

High

CVE-2022-21898

DirectX Graphics Kernel Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21897

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21893

Remote Desktop Protocol Remote Code Execution Vulnerability

CVSS: 8.0CWE: N/A

Medium

CVE-2022-21892

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.8CWE: N/A

High

CVE-2022-21891

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability

CVSS: 7.6CWE: N/A

High

CVE-2022-21890

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5CWE: N/A

High

CVE-2022-21889

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5CWE: N/A

High

CVE-2022-21888

Windows Modern Execution Server Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21887

Win32k Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21885

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21884

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21883

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5CWE: N/A

High

CVE-2022-21880

Windows GDI+ Information Disclosure Vulnerability

CVSS: 7.5CWE: N/A

Medium

CVE-2022-21879

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 5.5CWE: N/A

High

CVE-2022-21878

Windows Geolocation Service Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21875

Windows Storage Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21874

Windows Security Center API Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21873

Tile Data Repository Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21872

Windows Event Tracing Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21871

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21870

Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21869

Clipboard User Service Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21868

Windows Devices Human Interface Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21867

Windows Push Notifications Apps Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21866

Windows System Launcher Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21865

Connected Devices Platform Service Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21864

Windows UI Immersive Server API Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21863

Windows StateRepository API Server file Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21862

Windows Application Model Core API Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21861

Task Flow Data Engine Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21860

Windows AppContracts API Server Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21859

Windows Accounts Control Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21858

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21857

Active Directory Domain Services Elevation of Privilege Vulnerability

CVSS: 8.8CWE: N/A

Critical

CVE-2022-21855

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0CWE: N/A

High

CVE-2022-21851

Remote Desktop Client Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A

High

CVE-2022-21850

Remote Desktop Client Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A

Critical

CVE-2022-21849

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVSS: 9.8CWE: N/A

High

CVE-2022-21848

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5CWE: N/A

Medium

CVE-2022-21847

Windows Hyper-V Denial of Service Vulnerability

CVSS: 6.5CWE: N/A

Critical

CVE-2022-21846

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS: 9.0CWE: N/A

High

CVE-2022-21843

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVSS: 7.5CWE: N/A

High

CVE-2022-21842

Microsoft Word Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21841

Microsoft Excel Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21840

Microsoft Office Remote Code Execution Vulnerability

CVSS: 8.8CWE: N/A

Medium

CVE-2022-21839

Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability

CVSS: 6.1CWE: N/A

High

CVE-2022-21837

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.3CWE: N/A

High

CVE-2022-21835

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2022-21834

Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability

CVSS: 7.0CWE: N/A

High

CVE-2022-21833

Virtual Machine IDE Drive Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

Medium

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web r…

CVSS: 6.5CWE: N/A

Medium

CVE-2021-43055

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability tha…

CVSS: 5.9CWE: N/A

High

CVE-2021-43054

CVSS: 7.1CWE: N/A

High

CVE-2021-43053

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that…

CVSS: 8.5CWE: N/A

High

CVE-2021-38991

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.

CVSS: 7.8CWE: N/A

Medium

CVE-2021-29701

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build defin…

CVSS: 4.3CWE: N/A

2022-01-10

Critical

CVE-2022-22847

Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication).

CVSS: 9.8CWE: N/A

High

CVE-2022-22846

The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.

CVSS: 7.5CWE: N/A

Critical

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

CVSS: 9.8CWE: N/A

High

CVE-2021-46165

Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.

CVSS: 7.8CWE: N/A

High

CVE-2021-46164

Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.

CVSS: 8.8CWE: N/A

Medium

CVE-2021-46045

GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent).

CVSS: 5.5CWE: N/A

High

CVE-2021-40032

The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A

High

CVE-2021-40022

The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A

Medium

CVE-2021-40006

Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.

CVSS: 4.6CWE: CWE-254

High

CVE-2021-40005

The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.

CVSS: 7.5CWE: N/A

High

CVE-2021-39998

There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash an…

CVSS: 7.5CWE: N/A

High

CVE-2021-38990

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.

CVSS: 7.8CWE: N/A

Medium

CVE-2021-22060

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. Thi…

CVSS: 4.3CWE: N/A

2022-01-06

Medium

CVE-2021-46041

A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes a Denial of Service.

CVSS: 5.5CWE: N/A

Critical

CVE-2021-46067

In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.

CVSS: 9.8CWE: N/A

Medium

CVE-2021-36774

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrar…

CVSS: 6.5CWE: N/A

High

CVE-2021-44564

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device…

CVSS: 8.1CWE: N/A

High

CVE-2021-43947

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email…

CVSS: 7.2CWE: N/A

Critical

CVE-2021-41842

An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde Insyde…

CVSS: 9.8CWE: N/A

2022-01-05

High

CVE-2021-38918

IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019.

CVSS: 7.5CWE: N/A

Medium

CVE-2021-28713

Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen o…

CVSS: 6.5CWE: N/A

Medium

CVE-2021-28712

CVSS: 6.5CWE: N/A

Medium

CVE-2021-28711

CVSS: 6.5CWE: N/A

Medium

CVE-2021-43946

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /s…

CVSS: 6.5CWE: N/A

High

CVE-2021-45115

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that wa…

CVSS: 7.5CWE: N/A

2022-01-04

Medium

CVE-2022-20022

In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could…

CVSS: 6.5CWE: N/A

Medium

CVE-2022-20021

In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetoo…

CVSS: 6.5CWE: N/A

High

CVE-2021-45980

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.

CVSS: 7.8CWE: N/A

High

CVE-2021-40110

In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James…

CVSS: 7.5CWE: N/A

Medium

CVE-2021-20872

Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier,…

CVSS: 6.8CWE: N/A

2022-01-03

High

CVE-2021-39983

The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.

CVSS: 7.5CWE: N/A

Medium

CVE-2021-39981

Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call.

CVSS: 5.3CWE: N/A

High

CVE-2021-39975

Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause denial of service attacks.

CVSS: 7.5CWE: N/A

High

CVE-2021-39969

There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5CWE: N/A

High

CVE-2021-39968

Changlian Blocklist has a Business Logic Errors vulnerability .Successful exploitation of this vulnerability may expand the attack surface of the message class.

CVSS: 7.5CWE: N/A

High

CVE-2021-38576

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the s…

CVSS: 7.5CWE: N/A

High

CVE-2021-37133

There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5CWE: N/A

Critical

CVE-2021-37121

There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.

CVSS: 9.8CWE: N/A

High

CVE-2021-37119

There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.

CVSS: 7.5CWE: N/A

High

CVE-2021-37117

There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.

CVSS: 7.5CWE: N/A

High

CVE-2021-37113

There is a Privilege escalation vulnerability with the file system component in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 7.5CWE: N/A