Total
1509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45222 | 1 Coins-global | 1 Construction Cloud | 2022-01-28 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel. | |||||
| CVE-2022-0277 | 1 Microweber | 1 Microweber | 2022-01-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0166 | 1 Mcafee | 1 Agent | 2022-01-25 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file. | |||||
| CVE-2022-0125 | 1 Gitlab | 1 Gitlab | 2022-01-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project. | |||||
| CVE-2022-0090 | 1 Gitlab | 1 Gitlab | 2022-01-25 | 5.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI. | |||||
| CVE-2022-21310 | 2 Netapp, Oracle | 3 Oncommand Insight, Oncommand Workflow Automation, Mysql | 2022-01-24 | 4.0 MEDIUM | 6.3 MEDIUM |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2017-10690 | 2 Puppet, Redhat | 3 Puppet, Puppet Enterprise, Satellite | 2022-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4 | |||||
| CVE-2021-44828 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midguard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2022-01-21 | 7.2 HIGH | 7.8 HIGH |
| Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes. | |||||
| CVE-2022-21954 | 1 Microsoft | 1 Edge Chromium | 2022-01-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21970. | |||||
| CVE-2021-34998 | 1 Watchguard | 1 Panda Antivirus | 2022-01-20 | 7.2 HIGH | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-14208. | |||||
| CVE-2022-23118 | 1 Jenkins | 1 Debian Package Builder | 2022-01-19 | 9.0 HIGH | 8.8 HIGH |
| Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. | |||||
| CVE-2022-23117 | 1 Jenkins | 1 Conjur Secrets | 2022-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. | |||||
| CVE-2022-21887 | 1 Microsoft | 1 Windows 11 | 2022-01-19 | 7.2 HIGH | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21882. | |||||
| CVE-2021-39623 | 1 Google | 1 Android | 2022-01-14 | 10.0 HIGH | 9.8 CRITICAL |
| In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348 | |||||
| CVE-2022-22266 | 1 Google | 1 Android | 2022-01-14 | 2.1 LOW | 3.3 LOW |
| (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. | |||||
| CVE-2022-22263 | 1 Google | 1 Android | 2022-01-14 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. | |||||
| CVE-2021-45440 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-01-14 | 7.2 HIGH | 7.8 HIGH |
| A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-39982 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications. | |||||
| CVE-2021-41388 | 2 Apple, Netskope | 2 Macos, Netskope | 2022-01-13 | 7.2 HIGH | 7.8 HIGH |
| Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level. | |||||
| CVE-2021-31833 | 1 Mcafee | 1 Application And Change Control | 2022-01-12 | 4.6 MEDIUM | 7.8 HIGH |
| Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run. | |||||