Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23253 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Point-to-Point Tunneling Protocol Denial of Service Vulnerability. | |||||
| CVE-2022-23294 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Windows Event Tracing Remote Code Execution Vulnerability. | |||||
| CVE-2018-0902 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
| The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0884. | |||||
| CVE-2018-0882 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0880. | |||||
| CVE-2018-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0880 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882. | |||||
| CVE-2018-0884 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0902. | |||||
| CVE-2018-0883 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-23 | 7.6 HIGH | 7.5 HIGH |
| Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability". | |||||
| CVE-2014-3392 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-23 | 8.3 HIGH | N/A |
| The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136. | |||||
| CVE-2021-26339 | 1 Amd | 168 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 165 more | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers. | |||||
| CVE-2021-27363 | 3 Debian, Linux, Netapp | 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more | 2022-05-23 | 3.6 LOW | 4.4 MEDIUM |
| An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. | |||||
| CVE-2021-27080 | 1 Microsoft | 1 Azure Sphere | 2022-05-23 | 7.2 HIGH | 8.8 HIGH |
| Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2021-27074. | |||||
| CVE-2021-27074 | 1 Microsoft | 1 Azure Sphere | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2021-27080. | |||||
| CVE-2021-27054 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2022-05-23 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27053. | |||||
| CVE-2022-28873 | 1 F-secure | 1 Safe | 2022-05-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks. | |||||
| CVE-2022-28872 | 1 F-secure | 1 Safe | 2022-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop. | |||||
| CVE-2021-28789 | 1 Apple-swift-format Project | 1 Apple-swift-format | 2022-05-20 | 6.8 MEDIUM | 7.8 HIGH |
| The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace. | |||||
| CVE-2021-28794 | 1 Shellcheck Project | 1 Shellcheck | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. | |||||
| CVE-2021-28967 | 1 Microsoft | 1 Visual Studio Code | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. | |||||
| CVE-2021-28956 | 1 Sass Lint Project | 1 Sass Lint | 2022-05-20 | 6.8 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||