Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22785 | 1 Zoom | 1 Meetings | 2022-05-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user. | |||||
| CVE-2022-22786 | 1 Zoom | 2 Meetings, Rooms | 2022-05-27 | 6.8 MEDIUM | 8.8 HIGH |
| The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version. | |||||
| CVE-2022-22787 | 1 Zoom | 1 Meetings | 2022-05-27 | 6.0 MEDIUM | 7.5 HIGH |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services. | |||||
| CVE-2022-22784 | 1 Zoom | 1 Meetings | 2022-05-27 | 5.5 MEDIUM | 8.1 HIGH |
| The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server. | |||||
| CVE-2022-21363 | 2 Oracle, Quarkus | 2 Mysql Connectors, Quarkus | 2022-05-27 | 6.0 MEDIUM | 6.6 MEDIUM |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-32543 | 1 Sysjust | 1 Cts Web | 2022-05-27 | 5.5 MEDIUM | 5.4 MEDIUM |
| The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity. | |||||
| CVE-2021-31985 | 1 Microsoft | 1 Malware Protection Engine | 2022-05-27 | 6.8 MEDIUM | 8.8 HIGH |
| Microsoft Defender Remote Code Execution Vulnerability | |||||
| CVE-2021-3007 | 2 Getlaminas, Zend | 2 Laminas-http, Zend Framework | 2022-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized. | |||||
| CVE-2021-29626 | 1 Freebsd | 1 Freebsd | 2022-05-27 | 2.1 LOW | 5.5 MEDIUM |
| In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. | |||||
| CVE-2021-30962 | 1 Apple | 2 Macos, Tvos | 2022-05-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information. | |||||
| CVE-2022-29199 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29198 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29197 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29196 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29195 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2021-3922 | 1 Lenovo | 1 System Interface Foundation | 2022-05-26 | 4.4 MEDIUM | 7.0 HIGH |
| A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe. | |||||
| CVE-2021-3969 | 1 Lenovo | 1 System Interface Foundation | 2022-05-26 | 4.4 MEDIUM | 7.0 HIGH |
| A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges. | |||||
| CVE-2022-29193 | 1 Google | 1 Tensorflow | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29029 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-05-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
| CVE-2022-29030 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-05-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||