Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44484 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emit_trip in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. | |||||
| CVE-2022-24493 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. | |||||
| CVE-2022-24497 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24491. | |||||
| CVE-2022-24481 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521. | |||||
| CVE-2021-44506 | 1 Yottadb | 1 Gt.m | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. | |||||
| CVE-2021-44505 | 1 Yottadb | 1 Gt.m | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. | |||||
| CVE-2022-24479 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. | |||||
| CVE-2020-6423 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-24474 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24542. | |||||
| CVE-2022-24854 | 1 Metabase | 1 Metabase | 2022-04-22 | 6.5 MEDIUM | 8.8 HIGH |
| Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you're unable to upgrade, you can modify your SQLIte connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected. | |||||
| CVE-2021-32278 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32277 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32276 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. | |||||
| CVE-2021-32274 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution. | |||||
| CVE-2021-32273 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. | |||||
| CVE-2021-32272 | 2 Debian, Faad2 Project | 2 Debian Linux, Faad2 | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution. | |||||
| CVE-2020-8704 | 2 Intel, Siemens | 25 Local Manageability Service, Simatic Field Pg M5, Simatic Field Pg M5 Firmware and 22 more | 2022-04-22 | 4.4 MEDIUM | 6.4 MEDIUM |
| Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8703 | 3 Intel, Netapp, Siemens | 368 B150, B250, B360 and 365 more | 2022-04-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8670 | 3 Intel, Netapp, Siemens | 567 Bios, Core I3-l13g4, Core I5-l16g7 and 564 more | 2022-04-22 | 4.4 MEDIUM | 6.4 MEDIUM |
| Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-24513 | 3 Debian, Intel, Siemens | 71 Debian Linux, Atom C3308, Atom C3336 and 68 more | 2022-04-22 | 2.1 LOW | 6.5 MEDIUM |
| Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||