Total
1509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21994 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability. | |||||
| CVE-2022-21872 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability. | |||||
| CVE-2022-23290 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| Windows Inking COM Elevation of Privilege Vulnerability. | |||||
| CVE-2022-22715 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| Named Pipe File System Elevation of Privilege Vulnerability. | |||||
| CVE-2022-22717 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22718. | |||||
| CVE-2022-22000 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981. | |||||
| CVE-2022-24459 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| Windows Fax and Scan Service Elevation of Privilege Vulnerability. | |||||
| CVE-2022-21873 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
| Tile Data Repository Elevation of Privilege Vulnerability. | |||||
| CVE-2022-26938 | 1 Microsoft | 3 Windows Server, Windows Server 2016, Windows Server 2019 | 2022-05-19 | 4.4 MEDIUM | 7.0 HIGH |
| Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26932, CVE-2022-26939. | |||||
| CVE-2021-27767 | 1 Hcltech | 1 Bigfix Platform | 2022-05-16 | 4.6 MEDIUM | 7.8 HIGH |
| The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | |||||
| CVE-2021-27766 | 1 Hcltech | 1 Bigfix Platform | 2022-05-16 | 4.6 MEDIUM | 7.8 HIGH |
| The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | |||||
| CVE-2021-27765 | 1 Hcltech | 1 Bigfix Platform | 2022-05-16 | 4.6 MEDIUM | 7.8 HIGH |
| The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. | |||||
| CVE-2022-1397 | 1 Easyappointments | 1 Easyappointments | 2022-05-16 | 9.0 HIGH | 8.8 HIGH |
| API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. | |||||
| CVE-2022-20112 | 1 Google | 1 Android | 2022-05-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206987762 | |||||
| CVE-2022-20114 | 1 Google | 1 Android | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211114016 | |||||
| CVE-2022-20739 | 1 Cisco | 1 Sd-wan Vmanage | 2022-05-13 | 8.5 HIGH | 7.3 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user. | |||||
| CVE-2022-27659 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-20759 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-13 | 8.5 HIGH | 8.8 HIGH |
| A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes. An attacker could exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. A successful exploit could allow the attacker to gain privilege level 15 access to the web management interface of the device. This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). Note: With Cisco FTD Software, the impact is lower than the CVSS score suggests because the affected web management interface allows for read access only. | |||||
| CVE-2022-22521 | 1 Miele | 1 Benchmark Programming Tool | 2022-05-12 | 6.9 MEDIUM | 7.3 HIGH |
| In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin. | |||||
| CVE-2022-1548 | 1 Mattermost | 1 Playbooks | 2022-05-12 | 6.5 MEDIUM | 8.8 HIGH |
| Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. | |||||